Cyber security. Cyber breach. Cyber insurance. No longer terms of the future, is your firm ready to address each of these areas?
Experts agree that no matter the size of your business, if you handle Personally Identifiable Information (PII), you had better be prepared to protect it in ways you never considered before.
Or as a regulator ominously stated in response to a recent incident: “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs”.
The Securities & Exchange Commission case in question was settled with R.T. Jones Capital Equities Management in September when it was found that the firm violated the safeguards rule. The St. Louis firm, with assets under management of $481 million and approximately 8,500 accounts, experienced a loss of data on a third-party server via a suspected hack from 2009 to 2013 that exposed the PII of upwards of 100,000 individuals, many of whom were clients of the firm. The firm was fined $75,000 and had to take other precautionary steps to protect those affected.
This is a much more common problem than many realize. We hear about the high profile cases, but a report that tracks data intrusions indicates that there have already been 577 breaches in the country this year with nearly 156 million records exposed. It’s particularly frightening to see the sheer number of businesses and financial services companies that are included on the list. These types of reports are increasingly common since 47 states (plus Washington D.C., Puerto Rico, Guam and the U.S. Virgin Islands) have passed legislation which requires private or government entities to notify individuals of security breaches of information involving PII. Only Alabama, New Mexico and South Dakota have failed to follow suit.
The exposure of records can add up quickly. The financial sector ranks third in the per capita data breach cost at $259 per record lost (behind pharmaceutical and health industries at $298 and $398, respectively).
As a result, the trend of obtaining cyber insurance is on the rise. The Wall Street Journal has reported that advisors are increasing the business-insurance policies they hold and that some are opting for specific coverage that includes “computer fraud and related damages”.