Build a "Cyber Risk Watch Log"
There are several breaches making headlines as April wraps up. And, when you stare at the data in a certain way, they tell you what kind of threats to take most seriously as we guide you through our free cyber insurance assessment process. (Click here to schedule yours, if you haven't yet!)
The first case involves the University of Alaska: University warning of data breach over a year later.
As we often point out, even government agencies need to consider cyber insurance because although government has almost unlimited taxing power, that doesn't mean the "best ROI on tax dollars" is payment for data breach settlements!
What's concerning is not only that the breach took place, but again we're looking at a very long lead-time to discovery. Notice "blinky-boxes" didn't stop it.
To us, it underscores the fact that no matter how "educated" you think your staffis, breaches happen every day; only to be discovered a very long while later. As in the UofA example.
The other breach we're keeping an eye on this week is summarized in this report: "Mystery data breach reportedly exposes 80 million names, addresses, and income info. Tip of the hat to PCWorld.
Even more so, hats off to the two researchers at vpnMentorfor identifying the breach. Big deal? Oh, hell yeah...
With 80-million records involved, the odds are growing that this is another Long Delayed Breach Discovery (LDBD).
And it could be a hugely expensive one. At a basic PII (personally identifiable information) breach in the $100/record settlement range, this could be an $8-billion dollar breach
While you're penciling out how you would package that kind of "unexpected expense"for your company, might we suggest you open up a spreadsheet and begin tracking some basic information that can "wrap your head around risk" a bit?
Columns of Date, Records, and Organization size are obvious. Then maybe a drop down for breach type (PMI, PPI and so forth). Finish with company size and you can begin to price what would be in real estate some of your "comps."
This won't give you the insight one of our free assessments will, but you'll at least be able to think clearly about the scaleof the risk all companies face. Our assessments are much more detailed but a simple spreadsheet approach can be sobering.