
The “frenemy” within – data breaches by insiders a growing concern

Six-figure losses common for even small businesses

A survey by Symantec of more than 3,000 businesses provides useful information about the current state of corporate cybersecurity. Symantec’s 2011 State of Security Survey found that 73% of small and midsize companies had suffered a cyber attack in the past year, and that 30% of the attacks were “somewhat/extremely effective” in compromising the victims’ data. Companies are on alert. According to the study, in fact, companies considered cybersecurity their greatest threat — greater than criminal activity, natural disasters, and terrorism.

Many companies are already bristling with perimeter weaponry designed to prevent external attacks, but their defenses are not impregnable. More than 70% of the respondents experienced cyber attacks in the previous year. The costs of those attacks were substantial. Twenty percent of the small and medium-size businesses in the survey incurred at least $100,000 in damages from cyber attacks in the past year. Twenty percent of larger businesses incurred at least $271,000 in damages.

Companies are also learning that some of their biggest data security risks are caused by friendly fire. While 49% of the survey respondents said hackers were their greatest security threat, nearly as many — 46% — said that “well-meaning insiders” were their greatest threat, and 45% considered targeted attacks their greatest concern. Competitive and political espionage were therefore perceived as less of a threat than inadvertent breaches by employees and service providers.

Other sources confirm the persistence of breaches caused by insiders. The Department of Health and Human Services website lists HIPAA breaches affecting 500 or more individuals. While many reflect malicious breaches, many cite “other,” “loss” or “improper disposal” as the cause of the breach instead of “theft” or “unauthorized access.” Incidentally, many of the HIPAA breaches cite “paper” as the medium rather than electronic media — not what most people are thinking about these days.

Why does this matter? Increased sensitivity to insider breaches could help accelerate the evolution in how companies think about their data security infrastructure — and how they allocate their funds and efforts. The growing awareness of the dangers lurking within the corporate tent reflects an evolving focus from perimeter defense toward data prioritization (giving greater protection to the most important data), employee training and vendor management (to reduce inadvertent breaches), and after-the-fact breach mitigation (breach response and insurance). For a discussion of the importance of post-breach forensics, see one of my past blog posts.

Insurance protection for privacy-related breaches by employees and vendors can be addressed in various types of insurance policies, but not all will protect an insured from all acts of insiders. The variability of insurance coverage for “insider” breaches reflects the polyglot state of affairs in the cyberliability world. Coverage problems can arise from the nature of the particular insurance policy at issue (for example, an E&O policy versus a privacy policy) and from insurers’ inherent aversion to paying for intentional wrongdoing — an aversion that can miss important distinctions among the guilty and the innocent. Companies and their advisors need to be alert to the nuances in policy terms to make sure that insurance insult is not added to injury after a breach caused by an insider.

About the Author

John Doernberg is a Vice President at WGA. He is responsible for developing relationships and serving as a resource for WGA clients, with a particular focus on privacy, information security and risk management issues. Before becoming an insurance broker in 1995, he practiced law for more than ten years at major firms.

617.646.0336 JDoernberg@wgains.com Connect with John via LinkedIn
