2016 was the year that data breaches landed and stayed prominently in both national and international headlines - impacting all major markets.
According to the Beazley Breach Insights report, based on the insurer’s client data breaches in the first nine months of 2016, the Beazley Breach Response (BBR) Services unit managed 1,437 data breaches on behalf of clients, compared to 931 breaches during the same period last year. Overall, hackers are focusing more attention on financial institutions, according to Beazley. In the first nine months of 2016, hacking and malware breaches accounted for 39 percent of the data breaches suffered by financial institutions, up from 26 percent for the comparable period in 2015.
Within healthcare organizations, the Beazley report shows, breaches caused by unintended disclosure represented 40% of all industry incidents in 2016 to date, a sharp rise from 28% in the first three quarters of 2015. This is connected to the large amount of information shared between organizations in this industry. Additionally, 19% of healthcare breaches were caused by hacking or malware in 2016, down from 28% in 2015.
Cyber risks include identity theft as a result of security breaches where Personally Identifiable Information (PII), including Social Security numbers, credit card numbers, employee identification numbers and more, is stolen by a hacker or inadvertently disclosed. Security breaches also cause business interruptions and damage to an organization's brand and reputation.
As defined by the U.S. Office of Management and Budget (OMB), PII is information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, or biometric records, alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth and mother’s maiden name.
According to the Insurance Information Institute, Allianz’s Risk Barometer ranked cyber incidents as the third-highest global business risk in 2016. The average cost of a breach in the United States reached $7 million in 2016, according to a Ponemon Institute survey.
As 2017 takes shape, the National Association of Insurance Commissioners reports that cybersecurity risks have become more significant as critical consumer financial and health information is increasingly stored in electronic form.
As people become more reliant on electronic communication, and as businesses collect and maintain ever more granular pieces of information on their customers, the opportunity for cyber threats to cause major problems for businesses and the public is exploding.
Recent high-profile data breaches have led regulators to work toward strengthening insurer defenses against attacks.
In late 2014, the NAIC Executive (EX) Committee appointed the Cybersecurity (EX) Task Force to serve as the central focus for insurance regulatory activities related to cybersecurity. State insurance regulators are committed to developing tools to ensure effective regulation to protect consumers.
In addition, the NAIC is working toward developing an insurance data model law to establish standards for data security. This includes establishing standards for investigating a data breach and providing requirements for notifying regulators and consumers.
The NAIC has already developed a Roadmap for Cybersecurity Consumer Protections and Principles for Effective Cybersecurity: Insurance Regulation Guidance.
Today, organizations must limit the use, collection, and retention of PII to only what is critically necessary for organizational purposes. Yet many enterprises, in all markets, do not readily know what information they store or where it is located, which they need to know in order to manage and protect it effectively.
What is your organization doing to protect PII? What are your biggest concerns regarding protecting PII? Let us know! Share your thoughts in our Leave a Comment section below!