According to a third annual study of U.S. companies, the occurrence of cyberattacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent. Conducted by the Ponemon Institute and sponsored by HP, the 2012 Cost of Cyber Crime Study found that the average annualized cost of cybercrime incurred by a benchmark sample of U.S. organizations was $8.9 million.
This is a 6 percent increase over the average cost reported in 2011, and a 38 percent increase over 2010, the company said in a statement. With the current inflation rate at about 2 percent, it is clear that the cybercrime cost increases are potentially catastrophic, especially in the current weak economy.
The 2012 study also revealed a 42 percent increase in the number of cyberattacks, with organizations experiencing an average of 102 successful attacks per week, compared to 72 and 50 attacks per week in 2011 and 2010, respectively.
Obviously, this is very bad news. In insurance terms, our risk is increasing dramatically, while our risk mitigation seems to be less and less effective. Yet, we cannot afford to simply throw up our hands in frustration, especially when we are charged with protecting the data of our insureds and partners. Our data security ship may be springing more leaks, but to allow this vessel to sink would be suicidal.
"Organizations are spending increasing amounts of time, money and energy responding to cyberattacks at levels that will soon become unsustainable," said Michael Callahan, vice president at HP's Worldwide Product and Solution Marketing, Enterprise Security Products.
It seems the sheer volume of attacks is increasing to a level where at least some of us may not have the resources to keep fighting them. That hasn't happened yet, however, and our industry cannot afford to allow it to occur, because if our customers' data is not secure in our hands, they will no longer be our customers.
There is hope, however. Callahan said "the deployment of advanced security intelligence solutions helps to substantially reduce the cost, frequency and impact of ... attacks."
Indeed, while no solution is perfect, many are still effective. "Organizations that deployed security information and event management (SIEM) solutions realized a cost savings of nearly $1.6 million per year," according to HP. "As a result, these organizations experienced a substantially lower cost of recovery, detection and containment than organizations that had not deployed SIEM solutions."
Perhaps more importantly, insurers and other financial organizations that take such steps are demonstrating due diligence in protecting data assets, their own and their customers'. This could turn out to be a critical factor if and when losses occur, because being able to show adequate due diligence is a key to defending against legal actions that will inevitably occur.
Insurance is a tremendously competitive marketplace, and that's not going to change any time soon. The deciding factor for success among the players may ultimately be the extent to which insurance organizations actively fund the effort to defend and fight against cybercrime. Thus, budgets in this area need to increase to reflect the urgency of the mission, which is nothing less than survival.
ARA TREMBLY is founder of Ara Trembly, The Tech Consultant. He writes about insurance and technology and can be reached at riskletters@lrp.com.
December 17, 2012
Copyright © 2012 LRP Publications