Debunking 4 Common Myths About Your Data
We recently published an eBook providing a comprehensive look at cyber risks and how Cyber Insurance can serve as an important part of a company’s risk management program. Here, we’re going to address a few of the more common misconceptions about your data, since arguably the biggest difficulty in protecting it is a misunderstanding of the actual dangers. As you’ll see, many of these myths play into each other, often creating a very difficult situation for those people and companies that have suffered a breach.
“Cyber security is about ensuring that sensitive data isn’t stolen”
There are many potential dangers when suffering a breach, and theft isn’t the only one. For example, the person or people who want to infiltrate your system may be looking for a reason to disrupt your operations. One way of doing this is by wholesale deletion of valuable data. However, an even more effective approach is through making random changes in your documents. Changing serial numbers, file names, and monetary values at random not only causes significant problems in those particular cases, but it calls into question the integrity of the entire database. If the extent of the breach can’t be ascertained, the psychological damage can be tremendous.
“My biggest concern in a data breach is how my data is affected and how that affects me”
So you understand that the effect of a breach on your data is broader than just the theft of sensitive information, but it’s important to recognize that data breaches rarely affect just you or your company. Consider the information you have on your server about your clients, employees, and contractors. If this information is breached, then you’re responsible for the release of the confidential information of others, and you may be legally required to notify interested parties. These notification costs can really add up – for example, you may have credit card information for hundreds of thousands of people. Furthermore, you may be responsible for any damage done to these individuals; third-party costs often account for a large proportion of the expense of cyber breaches.
“I don’t need to worry as much about safeguarding non-sensitive information”
Disregarding the question of notification costs for information that is not yours, it’s important to ask yourself what would make some information sensitive and some not. Obviously, some data has immediate and clear value, but all data can be of value in one way or another. For example, a hacker looking to steal the identity of an individual can make use of many different pieces of information, much of it “non-sensitive”, to achieve his or her goal. Putting together enough pieces of non-sensitive information can quickly make it sensitive – which actually has to do with another common misconception…
“The only information out there is what I have chosen to reveal”
This is unfortunately inaccurate on multiple levels. First, it is often hard to know whether some information has been breached without your knowledge. However, this is just the tip of the iceberg. For example, the information that you post on social media, while nominally controlled and private, is fairly easy to access – in fact, in some cases, it is even legal for social media sites to sell or share that information. This extends to businesses and credit card companies – in fact, a great deal of the money that credit card companies make actually comes from selling your profile to third parties for marketing purposes. This makes the few pieces of information that typical data collection methods can’t collect, either practically or legally, even more valuable.
Want to learn more about Cyber Insurance? Access a free, in-depth guide to tackling new risks in a changing world, or contact MB Davis Group today by completing this contact form or calling 973.770.6700.