By now we are all aware of the Black Friday attack on retailer Target stores which cost credit unions and community banks over $200 million, not including Target's costs or its customers' expenses. While Target may be the poster child of the epidemic of cybercrime, it is not the lone victim (In fact, Target's data breach, which affected 70 million customers, is not even the largest retail data breach to date).
According to PricewaterhouseCoopers' 2014 Global Economic Crime Survey, one in four respondents reported having experienced a cybercrime, 11% of which suffered financial losses of more than $1 million. Moreover, a recent report from the Center for Strategic and International Security states cybercrime cost the global economy $400 billion in 2013—$100 billion in the United States.
It is no surprise then that 85% of corporate executives surveyed by AIG in 2013 identified cyber risks as their biggest concern to profitability. However, less than a third of companies hold cyber liability insurance policies. Is your industry at risk?
PricewaterhouseCoopers' U.S. Cybercrime: Rising Risks, Reduced Readiness report includes results from the 2014 U.S. State of CybercrimeSurvey. The survey's results are the combined efforts of cyber-security leaders from PricewaterhouseCoopers, CSOmagazine, the CERT Division of the Software Engineering Institute atCarnegie Mellon University, the United States Secret Service, 500 executives of U.S. businesses, law enforcement services and government agencies.
The survey reveals the following significant incidents in 2013 to the banking and finance, healthcare, and insurance industries:
Banking & Finance
No incidents – 20%
Identify theft – 20%
Customer records compromised or stolen – 23%
Financial losses – 23%
Denial of service attacks – 29%
Financial fraud – 36%
Healthcare
Theft of electronic medical data – 15%
Customer records compromised or stolen – 19%
Financial losses – 19%
Email or other applications unavailable – 22%
Private or sensitive data unintentionally exposed – 22%
No incidents – 30%
Insurance
Confidential records (trade secrets or IP) compromised or stolen – 19%
Customer records compromised or stolen – 19%
Financial fraud – 19%
Unauthorized access/use of data, systems, networks –19%
Financial losses – 29%
No incidents – 38%
Finally, the survey found that the average number of security incidents detected in 2013 was 135 per organization. This does not account for incidents that go undetected. Last year 3,000 companies were unaware of cyber intrusions until notified by the FBI.
The warning is clear: any company processing the personal information of another is a target for cybercrime regardless of its size or industry. However, like retail, the banking and finance, healthcare, and insurance industries are especially rich targets because they obtain a wealth of personal information about their customers. Therefore, companies wanting to protect their money and their credit need to have a data breach response plan in place before it becomes necessary. As they say, "the best offense is a good defense."
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.