While the bottom-line costs of a security breach may be high, William J. Montanez, director of risk management for Ace Hardware Corporation, says his company is more concerned about the type of loss that is difficult to measure in dollars.
“The reputational risk of misusing data is our biggest concern,” he says. “The Ace Hardware name is our most valued asset.”
Ace Hardware has an in-house insurance agency through which its network of independent retailers can purchase cyber liability coverage. At the corporate level, Ace purchases a cyber-liability policy from the specialty market.
Montanez says that staff training on the company's network-security policy, adoption of best practices put forth by IT, and software controls are all pieces of the risk management puzzle. What has changed most recently, he adds, is a heightened awareness that Ace business partners need to share the same philosophy around security strategy.
“We work continually to clarify our contractual relationships with retailers and vendors, particularly if they're handling sensitive data, payroll data or banking data,” says Montanez. “They need to clearly understand and assume their responsibilities and liability [for data security].”
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.