JP Morgan Chase. Community Health Systems. The Home Depot. Kmart. There has been no shortage of data breaches in recent weeks—with new developments on an almost daily basis. The age of cyber hactivisim, cyber extortion, and cyber terrorism is here, and it is not going away any time soon.
Data security issues are no longer just an IT Department concern. Indeed, they have become a matter of corporate survival, and therefore companies should incorporate them into enterprise risk management and insurance risk transfer mechanisms, just as they regularly insure other hazards of doing business. As the number of data breaches has increased, the demand for cyber insurance has likewise dramatically increased more than that for any other insurance product in recent years. Every board of directors should be questioning its officers and management as to “whether or not its company should be purchasing cyber insurance to mitigate its cyber risk.” If management answers, “Oh, it costs too much,” or “Oh, it will never pay off,” second opinions should be obtained. Rapidly. Because neither answer is correct.