Blog

Cyber Data Breach: Debunking Common Misconceptions

Posted by Mike Grant, Director, Technology Practice on February 2, 2015 at 10:00 AM
Cyber Data Breach:  Debunking Common Misconceptions

Due to recent data breaches at big name companies, awareness is high when it comes to cyber threats. Yet, misconceptions abound regarding a company’s liability and how insurance mitigates the cost of a breach.

Misconception #1: “Our company outsources critical processes to cloud providers, credit card processors and other specialty vendors. If a breach occurs, they are liable, not us."

The reality: Forty seven states (and many foreign countries) have their own privacy laws that identify the responsible party in the event of a breach.  Even with many different privacy laws, there is consensus when it comes to identifying the victim and responsible party and your company might not be off the hook the way you would imagine.  

For example, in the case of the Target breach, the crime originated with a HVAC vendor that did business with Target.  While hacking into the vendor’s computers, cyber criminals found a password that allowed them to access the Target IT system.  Once in Target’s system, the hackers dropped in malware that grabbed credit card numbers during transactions made at the store.  This data was then sent outside of Target’s system where the hackers could sell the credit card numbers on the black market.

To uncover the responsible party in this case, ask:  Whose customers’ data was stolen? Who was originally entrusted with that data? 

Although there were plenty of parties involved, Target is ultimately accountable because the victims of the attack are Target customers.  Target is responsible for notifying their patrons of the breach and monitoring their credit.  Throw in the high costs of the forensic investigation, legal services, crisis communication and damage to the brand and the potential loss grows.

While it’s possible for Target to recover some of these costs from the other vendors in the chain, it is dependent on the terms of the signed contract and the financial capability of that vendor to indemnify them. 

Make sure to check out our blog on the common misconception that a company’s current insurance program will help them recover from a data breach. To make sure your organization is prepared for a data breach, stream our seminar, on how to avoid a data breach nightmare and download the MMA 2014 Cyber & Data Security Risk Survey Report.  

Read More

Topics: Property + Casualty, Cyber & Data Security, Technology

Cyber Awakening: 2014 Data & Cyber Risk Report Findings

Posted by Mike Grant, Director, Technology Practice on January 12, 2015 at 11:07 AM
Cyber Awakening: 2014 Data & Cyber Risk Report Findings

It’s no secret that cyber security is a major business concern. After all, every few weeks another massive breach makes front page news. While awareness is high, the real impact to middle market firms gets lost in the big name headlines. In order to identify business practices and trends among emerging and private organizations, Marsh & McLennan Agency LLC recently surveyed its nationwide client base on this crucial topic.

Here are some of the key takeaways from the nearly 600 responses:

  • 80% of respondents said their business activities include at least five of the following key cyber risk factors:

-  Processing credit card transactions
-  Holding past or present employee records
-  Processing/accessing banking information
-  Using computers connected to the Internet
-  Hosting websites that collect personal or confidential information
-  Holding client, customer or supplier information
-  Using the Cloud
-  Holding information subject to HIPAA
-  Linking employee laptops/PDAs to the employer's network

  • Most respondents indicated that they outsource many of these business activities that expose them to cyber risk.  Nearly 40% of the respondents have no process to ensure their protection in the event the vendor’s data is breached.  Among those companies that have a procedure, most have processes that are inadequate.
  • Nearly 61% of respondents had little understanding of how their insurance policies would respond to a cyber loss. Of that group, 83% had little to no understanding of cyber insurance policies.
  • 60% of respondents do not have a corporate disaster recovery plan in place.
Read More

Topics: Property + Casualty, Cyber & Data Security, Technology

Insurance Claims Spooky Story #3: The Scary Clown Hacker

Posted by Yvette Beaubien, Esq., Director Property & Casualty Claims on October 29, 2014 at 10:19 AM
Insurance Claims Spooky Story #3: The Scary Clown Hacker

You sell face paint to retailers and online in the United States, but your supplier is located in a foreign country.  You regularly wire payments to your overseas vendor for face paint.  Scary clowns are all the rage this year and your clown face paint kit is selling like hot cakes—your retailers have placed another purchase order for 100 cases by October 1st. Your supplier needs you to pay past due invoices by the end of day in order to make this deadline. However, your accounts payable clerk and CFO are out of the office attending a seminar. 

You receive the email from the supplier with the amount payable and a notification that the wire transfer account information has changed.  You don’t have time to wait for the CFO and accounts payable clerk to return, so you go ahead and make the payment.  Two days later the supplier emails you to request payment and confirm you still want the product shipped for delivery by October 1st. You check your online bank account and see the money has cleared. The bank confirms that the money was transferred, but to an account in New York.  You go back to the email you received and notice that the sender’s email address was not sam@vendor.com but sam1@vendor.com.  You’ve just been tricked in the worst way.  

To avoid this trick in the future, treat yourself to the following smart business practices:

Read More

Topics: Property + Casualty, Cyber & Data Security, Technology

Insurance Update: 2014 – The Cyber Awakening

Posted by Mike Grant, Director, Technology Practice on August 6, 2014 at 10:00 AM
Insurance Update: 2014 – The Cyber Awakening

Data breach is a hot topic – and for good reason. Stories about businesses getting hacked are in the news almost every day. And it’s not just large corporations or technology companies that are affected. Any business, large or small, is at risk. According to The Hartford Insurance Company, one third of the data breaches investigated in 2012 took place at organizations with fewer than 100 employees. To hackers, any information is good information, so even small companies are vulnerable.

Why should you be concerned about data breaches? Breaches can have tremendously negative effects on your business, both in terms of cost and damaged reputation. The most obvious is the cost of corrective measures needed in the aftermath of the data breach including forensic investigation, legal services, notification costs, auditing and consulting services, public relations services, credit monitoring and more. According to the Ponemon Institute’s 2013 Cost of Data Breach Study, it costs an average of $188 per individual record that has been compromised.

In addition to being extremely expensive, a data breach can destroy trust and customer loyalty. Ponemon Institute’s study pointed out that for healthcare and financial services companies in particular, the risk of customer abandonment is high post-breach. Had the breaches at Target, Neiman Marcus and other retailers been included in the study, the retail sector would have been undoubtedly at the top of the high risk category.

So what can a business do to protect itself against this threat of a costly data breach?

Read More

Topics: Property + Casualty, Cyber & Data Security, Technology

Employee Benefits for Biotech Employers

Posted by Robert D'Angelo, Manager of EB Programs on June 9, 2014 at 10:00 AM
Employee Benefits for Biotech Employers

With Health Care Reform in full stride, many Life Science employers are finding that even with a healthy employee population, their benefits rates are increasing. Although life science and biotech are preferred risk industries for health underwriters, small companies with younger demographics are seeing the negative impacts of the Affordable Care Act (ACA).

Many employers are seeking ways to lower employee benefits rates while complying with the ACA. One opportunity for small companies to keep their costs low is to join a benefits trust, where multiple employers come together under a common entity. Our Beyond Benefits Trust, designed for Biocom member companies, does just this.

So why join? What’s in it for you? With more than 2,500 enrolled employees, Beyond Benefits delivers major advantages for Biotech employers. Specifically:

Read More

Topics: Employee Benefits, Health Care Reform, Technology

How Tech Companies Can Purchase Employee Benefits

How Tech Companies Can Purchase Employee Benefits

When is something worth doing twice?

When it works very well.

The Benefits Technology Trust is similar to a highly successful trust program we pioneered two years ago that enables life science and biotech companies to pool their purchasing power to buy employee benefits at more competitive prices.

Since the Beyond Benefits trust launched in January 2012, 185 biotech firms have saved more than $5.8 million in annual medical premium. In total, Beyond Benefits now covers more than 5,500 employees.

Opportunity For Tech Companies

The Technology Trust operates much like Beyond Benefits and addresses a genuine problem for growing tech companies: How to attract and retain the best technology talent. In California in particular, the biggest impediment to growth for many tech companies is getting the right people.

Established tech companies such as Google, Facebook, Oracle and others typically offer rich benefits programs. That’s a challenge for private or pre-IPO companies that don’t have the revenue to support similar benefits packages.

Read More

Topics: Employee Benefits, Health Care Reform, Technology

Employee Benefits…There’s an App for that?

Posted by Shawn Pynes, Principal, Director of Employee Benefits Division on April 14, 2014 at 10:00 AM
Employee Benefits…There’s an App for that?

Your Employee Benefits Communication Solution in One Handheld Place

There is no denying it… We are glued to our phones these days. We constantly want to be in touch through email or text and enjoy surfing the web, playing Candy Crush, checking online banking, maybe dating and more. Even the health care industry is creeping onto our cellular and tablet devices. Insurance companies now have applications that allow members to schedule appointments and doctors can even use mobile apps to make treatment decisions. Crazy, huh?

To hit a little closer to home for you as an employer, companies are using the technology their employees already interact with to their advantage. They’re developing personalized apps to allow employees easy access to benefits communications, plan details and insurance company information.

Here at Marsh & McLennan Agency, we developed the iBenefits app. This provides employees with 24/7 access to customized  benefits information. Employers big and small are finding it useful in more ways than one. Specifically:

Read More

Topics: Employee Benefits, Human Resources, Technology

Subscribe to Email Updates

Top Posts

Follow Us