Hacking, malware, and social engineering get a lot of attention as potential sources of loss in the cyber insurance world, and with good reason – 2019 data from a cyber-first carrier indicate these three vectors accounted for 62% of that carrier’s claims.[i]
But that leaves nearly 40% of claims that are attributable to less headline-grabbing causes. Some are downright boring. And because they don’t get much attention, they can be overlooked when putting together a risk management strategy. So, let’s examine some other commons areas of loss.
Accidental exposure accounted for nearly one-fifth of reported claims. For example, someone in the tech department might deploy a piece of code incorrectly, inadvertently exposing sensitive data or disabling mission critical systems. Or, an employee might accidentally send an email attachment with personally identifiable information (PII) to the wrong recipient, causing a breach.
Malicious insider activity accounted for 7% of claims. While accidental exposure is also done by insiders, it is not intentional. But the type of activity here is deliberate and meant to harm the company. Think of a disgruntled employee, or one who is planning to leave soon and wants to steal corporate data, and you have an idea of motives behind a malicious insider attack.
Portable devices made up 4% of claims. It’s common to see laptops, USB thumb drives, and cell phones lost or stolen. We’ve been saying for years that these types of devices should be encrypted to limit exposure. Because many employees access company email on their personal cell phones, we also highly recommend they have a security code present to unlock their phones as added protection should the phone fall into the wrong hands.
Physical loss/non-electronic records made up 3% of claims. For all the talk about going paperless, most companies still have a lot of paper floating around, and these documents contain proprietary, sensitive, and/or confidential information. Paper files that are lost or end up in the wrong hands can and do result in claims. Physical backups, such as tapes and other media, could also be lost or stolen.