As your business adopts more digital technology, you could expose yourself to new risks.
In almost every type and size of business, digital technology is now a critical, strategic component for competing anywhere. From the office to the factory floor, from the remote employee’s home to the warehouse, advanced technology is what makes an organization more effective and efficient.
Yet, with this surge of technology comes new risk. Devices, networks, and software—and business processes enabled by them—expose organizations to numerous vulnerabilities that must continually be assessed and mitigated, by either assuming or transferring the new exposure.
Here are four digital risks to consider as part of your overall corporate risk strategy:
Phishing scams, malware viruses, and ransomware attacks are just some of the many weapons hackers and other criminals use to prey on organizations. And if you think resolving a cyberattack is simple, think again. In 2017, the average cost of a data breach for enterprises in North America was $1.3 million, according to Kaspersky Lab. For small and medium businesses, it was $117,000.
With so many people and so many devices using your network—employees, contractors, business partners—any one of them can open a gateway to your most valuable data simply by clicking on the wrong link in an email. Every business should have training programs and policies in place to address these risks.
And if/when a breach occurs, does your insurance cover it? Many general liability, umbrella, and crime policies do not cover such losses; some even specifically exclude cyber events. In 2018, most risk managers consider specific cyber insurance a necessary supplement to their insurance programs.
Internet of things (IoT) technology can offer extraordinary benefits to many companies. With machinery and sensors—from office copiers to CNC machines—networked organizations can more easily manage and troubleshoot their operations. But new connectivity also raises new risks.
Earlier this decade, the Stuxnet malware was inserted into Iran’s nuclear enrichment systems to severely damage centrifuges and disrupt the program. Since then, these threats have become even more sophisticated, putting a company’s entire operation at risk.
All businesses need vulnerabilities assessments to mitigate operational risks. Certain insurance strategies can help cover both direct losses (property damage) and indirect losses (business interruption), while other strategies provide protection from liability claims (Contractual Liability/Errors & Omissions Liability).
Supply Chain Risk
Consider your company’s potential liability if a technology issue impacts your customer base. Businesses should assess the risk of suppliers being unable to deliver products or services due to their own problems. Supply chain insurance can cover losses caused by delays or disruptions in receiving products or services.
This risk is particularly problematic today because so many organizations rely on technology vendors to deliver mission-critical infrastructure. Whether your systems and data are on premise, hosted by a vendor, running in the cloud, or a mix, a technology supplier whose own systems are disrupted or breached can cause you operational and/or financial issues. In 2017, 56% of companies suffered a data breach related to a third party, according to the Ponemon Institute.
Technology supplier risk is a contingency that should be covered in every company’s disaster recovery plan and addressed by their corporate risk strategy.
For many hackers and cyber criminals, private data is their most valuable prize. Unfortunately, today’s reality finds organizations storing proprietary information in a multitude of places and transmitting it via countless methods, some less secure than others. Keeping network passwords on a smartphone, for example, is an invitation to disaster. Between 2005 and 2015, more than 40% of all corporate data breaches were caused by a lost device, according to TrendMicro. Every business should have policies and tools to protect their privacy.
Privacy liabilities now extend far beyond your firm’s sensitive data. As many firms continue to adopt bring-your-own-device (BYOD) policies for employees, a business could be liable if an employee’s private data on his or her own device is compromised during the course of employment. With location-based technology becoming omnipresent, what are the risks of your company tracking your employees’ whereabouts? If your business utilizes drones with cameras for any reason, are you at risk of invading anyone’s privacy?
Because these issues are continually changing, it’s critical to regularly review the evolving technology exposures, evaluate the risks, and present new risk management solutions.
Understand new risks introduced by the evolving landscape of digital technology better by calling M&T Insurance Agency to review your current policies and learn more about how to protect your business.
Insurance products are offered by M&T Insurance Agency, Inc., not by M&T Bank. MTIA is a wholly owned subsidiary of M&T Bank.
This article is for informational purposes only and is not intended as an offer or solicitation for the sale of any financial product or service. It is not designed or intended to provide financial, tax, legal, investment, accounting, or other professional advice since such advice always requires consideration of individual circumstances. If professional advice is needed, the services of a professional advisor should be sought.