Are you exposed to cyber risk?

By Kenneth Golsan
As a subject that is commonly current in client risk review discussions and, in addition, can be challenging to evaluate, we thought it might be helpful to summarize the 10 most costly data breach events that U.S. based companies have experienced to date.

Such is growing rapidly.  Year 2014, compared to 2013, saw a 28% increase with a record 783 breaches occurring.  Nearly 291 million personal records compromised (as an aggregated total of the top 10 breaches).  Considering current U.S. population of roughly 321 million – that is quite concerning.  Personal side note:  If your personal information has not yet been compromised, stick around.  Further yet, consider protection of some kind.

Here are the Top 10 Data Breaches summarized:

Company Business Event Description Estimate
Epsilon Marketing Firm Hackers obtained names and emails from system affecting 75 of their clients (Best Buy, JPMorgan, Capital One, Citi) $4 billion
VA Veterans Admin. Laptop and external hard drive stolen and breached database of 27 million veteran records $500 million
Hannaford Bros. Grocery Store Chain Cyberattack collected 4.2 million credit/debit cards, installed malware on server’s affecting 300 stores $252 million
Sony Playstation Division Hackers obtained 100 million customer records via gaming device and halted Playstation network $171 million
Target Retail Chain Hackers obtained 110 million credit/debit card customer info tapping into third-party point-of-sale payment card readers $162 million
TJ Maxx Retail Clothing Chain Security breach of 100 million credit/debit card records stolen over 18-month period $162 million
Heartland Payment Systems Credit Card Processor Malware compromised 130 million credit/debit card records $140 million
Anthem Health Insurer Cyber attack revealing info on 80 million people (names, addresses, ss #) creating liability for identity theft potential $100 million
Sony Sony Pictures Hacker stole data from system and launching malware program erasing system data $100 million
Home Depot Retail Chain Cyberattack of 56 million credit/debit card records and malware launched on system five months before detected $53 million

Now, what does this mean to all of us?

Step 1: Identify your particular and unique exposure.
Step 2: Consider appropriate strategies.
Step 3: Implement accordingly.
Step 4: Monitor the impact and adjust strategies where necessary.

Note that several breaches were established several months or years before detection. Similar to Crime exposures, the financial impact can be one that is a “slow leak” (unnoticeable) vs. a single momentary (clearly visible) catastrophe.