The hack of Apple accounts that led to nude photos of celebrities and athletes being posted on Internet forums by unknown hackers is just another example of the need for vigilance when it comes to cybersecurity.
Some cybersecurity experts blame the hacking of celebrity photos on inadequacies in Apple’s cloud and mobile security, while others point out—more generally—that the situation simply demonstrates security is lacking in some degree in cloud-services security. Apple denies that its iCloud or Find My iPhone systems were hacked. In the meantime, the FBI has begun an investigation, and, interestingly, Apple stock sank 4.2 percent yesterday.
This week also brings news of another large attack on a major retailer. On his Krebs on Security website, cybersecurity blogger Brian Krebs reports that multiple banks say they see evidence that Home Depot stores have been hacked and the stolen data is the source of a massive new batch of stolen credit and debit cards now for sale in the cybercrime underground. Home Depot says it’s working with banks and law enforcement agencies to investigate reports of suspicious activity. There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target last year.
Both of these events remind me of a recent BusinessWeek article in which Karen E. Klein notes that the National Small Business Association reports that in a survey of members last year, almost half of the respondents had experienced security breaches—and nearly 60 percent of those incidents resulted in business interruption. Furthermore, although more than 90 percent of those surveyed said they were very or somewhat concerned about cybersecurity, one in four reported knowing little to nothing about cybersecurity issues.
Because there now is such a significant threat of hackers gaining access to systems and obtaining confidential information, there has been a corresponding rise in claims for so-called cyber-liability insurance, says Harris Tsangaris, senior vice president at insurance broker NFP, in the BusinessWeek article. This insurance covers both electronic hacking incidents and confidentiality breaches that result if a company isn’t properly disposing of paper files that contain financial information, he says.
The insurance typically includes liability coverage in case lawsuits are filed over the security breach, Tsangaris says in the article. It usually pays for the cost of notifying all individuals who have been affected, as well as providing credit monitoring services for them after their confidential information has been compromised. Another cost that should be included in a cyber-liability policy is any regulatory fines or penalties that could be levied against the company as a result of the breach, Tsangaris says.
As companies continue to rely on facilities around the world to supply products, any disruption in supply or distribution chains—caused, for example, by natural disasters such as earthquake, tsunami or river flood—may lead to significant interruption and loss to a business. Consequently, companies increasingly rely on contingent business interruption insurance to protect themselves from business interruption losses when a logistics system fails due to a covered cause of loss. Fortunately, a company may be protected from such losses even if the company itself has not suffered any damage to its own property because there has been a disruption in its supply or distribution chain.
I wonder if there will likewise be steadily growing demand for cyber-liability policies to protect against security breaches. What are your thoughts on these policies? Is this just the cost of doing business these days?
The other issue is what seem to be inadequacies in cloud-services security. Is this a concern where you work, or should it be?