Cyber risks can be lurking in the most unsuspecting places.
Members of a state professional society recently learned that the hard way. The society’s website had been compromised through a social engineering ploy, which allowed hackers to insert a Trojan virus on the site that targeted the victims. When members logged onto the “members only” area on the website, they were unknowingly giving hackers back-door access to their firms’ computer networks. This incident points out why cyber insurance with third-party liability coverage is essential for businesses of all sizes and sophistication.
It’s becoming increasingly difficult for a company to isolate itself from the rest of the online business world. A firm’s network may interact with other systems continuously in the normal course of business.
Third parties—ranging from marketing partners, information suppliers, vendors and subcontractors, financial intermediaries, and technology providers—can all be in electronic contact with various individuals or departments within an organization. Additionally, customers, business partners and affiliates, freelancers or contractors, and remote employees may connect to an enterprise on a regular basis.
All these virtual connections make third-party cyber liability a growing risk for businesses. If those outside parties experience a cyber attack, your firm’s private information or customer data could be compromised, as well.
Consider the following real-life examples of third-party risk from the Center for Cyber Security:
- J.P. Morgan Chase held a company-wide Corporate Challenge Race. It outsourced management of the event’s registration to a Michigan firm, whose system was hacked.
- Target Corp. had the credit card and personal data of 110 million customers stolen. How? Hackers found the retail giant’s vendors through a simple Google search, then sent phishing emails to employees of Target’s heating, ventilation and air conditioning (HVAC) provider. When one worker took the email bait, it allowed hackers to use the HVAC employee’s credentials to enter a portal into Target’s systems.
- A company hosting photo centers at Walmart, Costco, CVS, Rite-Aid, Sam’s Club and Tesco locations suffered a cyber breach, leading to thieves obtaining credit card information and other data from photo customers of all those outlets.
States are increasingly putting the legal burden on companies that have data stolen due to a third-party breach. Cyber security experts advise companies to choose vendors and partners that are knowledgeable about cyber risks and have robust security procedures and safeguards in place. They also recommend regular cyber security audits of third-parties to assure that these outside parties continue to meet security standards.
Even with such safeguards in place, a company must understand that it will continue to bear some—and possibly all—of the responsibility for a breach, and that all risks cannot be avoided. Bad things can happen even to companies that are highly attentive to data security.
That’s where cyber insurance plays a role; it helps mitigate the damage that results when a breach occurs, whether it originates within the walls of your business or elsewhere.
If your business needs professional-level cyber insurance protection, get in touch with ProDefender. Our experts can explain the advantages of ProDefender’s Cyber Insurance Plan—which provides comprehensive third-party liability coverage, in addition to protection for other cyber threats—and customize coverage to match your firm’s risks and budget.