Judy Greenwald at Business Insurance recently wrote about an increased demand for cyber security coverage following high-profile data breaches including those on Home Depot and Target.
It’s also expected that US retail companies will have to put up with higher insurance rates while seeing lower coverage limits for their insurance. The article highlighted that “much depends on persuading underwriters about the effectiveness of retailers’ cyber defenses”.
Allegedly, Target maxed out their $90 million cyber coverage to pay expenses related to its breach of 40 million credit card numbers last December. I wonder whether their insurance covered the financial losses incurred as a result of the fall of earnings by 46% and of sales by 3.2% after the breach?
Recent data breaches have prompted insurers to rethink their pricing models. Moreover, concerns have been raised as to whether they should offer this particular type of insurance at all, given the massive losses due to data breaches, for example to retailers with a large physical footprint.
Developing effective cyber security defences
While retailers can continue paying their insurance fees (as long as cyber security coverage is still being provided), this won’t make them safer, nor will it increase the trust of their customers and stakeholders. Apart from that, the costs associated with better cyber security protection are hardly higher than the costs caused by a data breach.
US retailers and any other companies that store, transmit, or process card holder data must comply with the Payment Card Industry Data Security Standard (PCI DSS), or risk paying ‘non-compliance’ or ‘data compromise’ fines. For these organizations, this should be the minimum measure and their first step to more effective cyber security defenses.
For further information on the PCI DSS, read PCI DSS A Pocket Guide. Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.0, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organization who deals with payment card processing.
