As your business adopts more digital technology, you could expose yourself to new risks.

In almost every type and size of business, digital technology is now a critical, strategic component for competing anywhere. From the office to the factory floor, from the remote employee’s home to the warehouse, advanced technology is what makes an organization more effective and efficient.

Yet, with this surge of technology comes new risk. Devices, networks, and software—and business processes enabled by them—expose organizations to numerous vulnerabilities that must continually be assessed and mitigated, by either assuming or transferring the new exposure.

Here are four digital risks to consider as part of your overall corporate risk strategy:

Cyber Risk

Phishing scams, malware viruses, and ransomware attacks are just some of the many weapons hackers and other criminals use to prey on organizations. And if you think resolving a cyberattack is simple, think again. In 2017, the average cost of a data breach for enterprises in North America was $1.3 million, according to Kaspersky Lab. For small and medium businesses, it was $117,000.

With so many people and so many devices using your network—employees, contractors, business partners—any one of them can open a gateway to your most valuable data simply by clicking on the wrong link in an email. Every business should have training programs and policies in place to address these risks.

And if/when a breach occurs, does your insurance cover it? Many general liability, umbrella, and crime policies do not cover such losses; some even specifically exclude cyber events. In 2018, most risk managers consider specific cyber insurance a necessary supplement to their insurance programs.

Operational Risk

Internet of things (IoT) technology can offer extraordinary benefits to many companies. With machinery and sensors—from office copiers to CNC machines—networked organizations can more easily manage and troubleshoot their operations. But new connectivity also raises new risks.

Earlier this decade, the Stuxnet malware was inserted into Iran’s nuclear enrichment systems to severely damage centrifuges and disrupt the program. Since then, these threats have become even more sophisticated, putting a company’s entire operation at risk.

All businesses need vulnerabilities assessments to mitigate operational risks. Certain insurance strategies can help cover both direct losses (property damage) and indirect losses (business interruption), while other strategies provide protection from liability claims (Contractual Liability/Errors & Omissions Liability).

Supply Chain Risk

Consider your company’s potential liability if a technology issue impacts your customer base. Businesses should assess the risk of suppliers being unable to deliver products or services due to their own problems. Supply chain insurance can cover losses caused by delays or disruptions in receiving products or services.

This risk is particularly problematic today because so many organizations rely on technology vendors to deliver mission-critical infrastructure. Whether your systems and data are on premise, hosted by a vendor, running in the cloud, or a mix, a technology supplier whose own systems are disrupted or breached can cause you operational and/or financial issues. In 2017, 56% of companies suffered a data breach related to a third party, according to the Ponemon Institute.

Technology supplier risk is a contingency that should be covered in every company’s disaster recovery plan and addressed by their corporate risk strategy.

Privacy Risk

For many hackers and cyber criminals, private data is their most valuable prize. Unfortunately, today’s reality finds organizations storing proprietary information in a multitude of places and transmitting it via countless methods, some less secure than others. Keeping network passwords on a smartphone, for example, is an invitation to disaster. Between 2005 and 2015, more than 40% of all corporate data breaches were caused by a lost device, according to TrendMicro. Every business should have policies and tools to protect their privacy.

Privacy liabilities now extend far beyond your firm’s sensitive data. As many firms continue to adopt bring-your-own-device (BYOD) policies for employees, a business could be liable if an employee’s private data on his or her own device is compromised during the course of employment. With location-based technology becoming omnipresent, what are the risks of your company tracking your employees’ whereabouts? If your business utilizes drones with cameras for any reason, are you at risk of invading anyone’s privacy?

Because these issues are continually changing, it’s critical to regularly review the evolving technology exposures, evaluate the risks, and present new risk management solutions.

Be proactive.

Understand new risks introduced by the evolving landscape of digital technology better by calling M&T Insurance Agency to review your current policies and learn more about how to protect your business.


Insurance products are offered by M&T Insurance Agency, Inc., not by M&T Bank. MTIA is a wholly owned subsidiary of M&T Bank.

This article is for informational purposes only and is not intended as an offer or solicitation for the sale of any financial product or service. It is not designed or intended to provide financial, tax, legal, investment, accounting, or other professional advice since such advice always requires consideration of individual circumstances. If professional advice is needed, the services of a professional advisor should be sought.


Share this page

If you are interested in sending this page to a friend or relative, please enter the following:

* Indicates required fields
+ Add another

No personal information (including e-mail addresses) about you or your friend will be collected from this e-mail notification feature offered by M&T Bank.

Please Note:

By clicking "ok" below, you will leave and enter a Third-Party Website.

Tenga en cuenta que:

Al hacer clic en “Aceptar”, abandonará e ingresará en el sitio web de un tercero.

Please note that:

  • The Third-Party Website is governed by a different set of terms and conditions and privacy policy than and you should review those terms, conditions and privacy policy prior to reviewing the content of the Third-Party Website
  • M&T is providing a link to the Third-Party Website as a convenience and does not necessarily control the content of, or endorse, the Third-Party Website, it's owner/operator or any information, products or services that are made available on or through it
  • M&T makes no representations or warranties regarding the information, products or services provided through the Third-Party Website

Such Third-Party Website's owner/operator may be regulated by governmental entities and laws that are different than those that regulate M&T.

Tenga en cuenta que:

  • El sitio web de un tercero está regido por un conjunto de términos y condiciones y una política de privacidad diferentes que, por lo tanto, deberá revisar esos términos y condiciones y la política de privacidad antes de evaluar el contenido del sitio web de un tercero
  • M&T le proporciona un enlace al sitio web de un tercero para su comodidad y no necesariamente tiene control sobre el contenido, o se adhiere, al sitio web del tercero, su propietario/operador o ni a ninguna parte de la información, producto o servicio que se ofrezca a través de él
  • M&T no ofrece declaraciones ni garantías respecto de la información, productos o servicios prestados a través del sitio web de un tercero

El propietario/operador de ese sitio web de un tercero podría estar regulado por entidades gubernamentales o leyes que son diferentes a aquellos por los que está regulado M&T.