Why Do I Need Database Insurance by IT Risk Managers?

Why Does My Business Need Database (Cyber) Insurance?

Like any insurance purchase the answer is simple.... to protect against financial loss. The business that suffers a data breach or loses PII is responsible by law and can be held liable by its customers.

Data Breach events or Cyber-Attacks as the media likes to refer to them are becoming more frequent and common place. The size of your business really does not matter While the bigger companies i.e. Chase Bank, Sony, Target, Staples, Home Depot, Jimmy Johns and Best Buy just to name a few companies that experienced a data breach event in 2014, might have received most of the headlines and publicity, it is only a matter of time before your business or another business of your size experiences a data breach event. Studies show that hackers start out small and then work their way up to larger companies. If it happens, can you or your business afford the financial loss? If the answer is "NO"... then you should consider transferring the financial risk by purchasing database insurance. It is just that simple.

If the answer is "YES", then ask yourself how much can you afford to lose? Keep reading....

According to Ponemon Institute, the actual costs of data breach event in 2016 was $158 per record with an average cost of $7 million per company. Two-Thirds of the cost of a breach represented indirect costs, such as diversion of manpower to deal with the breach and loss of customers.

How much can your business afford to lose?

If you don’t transfer this risk, then you are self-insured and responsible for 100% of the financial loss, expenses and possible damages. A data breach event could cost you your entire business. Your company’s biggest asset is no longer the building and equipment that you purchase, it is now the information and data that you store on your computer networks. Database Insurance won’t prevent you from losing the data or experiencing a breach event, but if done correctly it can assist your business during the process if an event occurs and will keep you financially whole. In fact, it might just financially save your business, you decide!

According to the U.S. House Small Business Subcommittee on Health and Technology, 20% of all cyber attacks hit small businesses with 250 or fewer employees. About 60% of small businesses dissolve within six months of a cyber attack primarily due to financial reasons. Hackers attack databases for a number of reasons which can include financial, economic, political or military advantages. While some hackers might be fighting a Cyber war, most hackers steal information because they can or for financial gain. By monetizing information like credit card numbers or other PII such as social security numbers or health records it is an easy way to make some quick money.

According to the published Symantec Global Internet Security Threat Report, it details some of the going rates on the black market for stolen credit cards, stolen bank account numbers, stolen email passwords, etc. Here is a listing:

  • Stolen Credit Card Numbers: $0.40 to $20
  • Stolen Online Bank Account Log In Information (User Name, Password, etc.): $10 to $1,000 depending on the amount of funds in the account
  • Stolen Online Auction Site Log In Information (i.e. eBay): $1 to $8
  • Stolen Email Passwords (i.e. Sarah Palin): $4 to $30

As you can see 30,000 stolen credit card numbers, at just $10 per number equals $300,000. That is a very nice payday. Add to this, the fact that if the hacker resides outside the United States, it is very difficult for US officials to catch, prosecute or even stop the hacker. So while you and I work very hard to make a living, a hacker does not have to work too many days to make their business extremely profitable.