While security breaches at large companies, such as the recent incident at Sony, may grab more headlines, it appears the security risk facing small and mid-sized businesses should not be overlooked. Symantec has released numbers concerning the number of targeted attacks (e.g. one malicious email targeted to one individual) experienced by businesses small and large. Their results, from Symantec.cloud, indicate that from the start of 2010 to late July of this year, 40 percent of targeted attacks have been sent to businesses with less than 500 employees while less than 30 percent of the targeted attacks have been to companies with more than 5,000 employees. Symantec also provides numbers by industry that suggest small and mid-sized businesses operating in the following sectors are at higher risk: Mineral and Fuel, Non-Profit, Engineering, Marketing and Recreation. Further, in a recent study commissioned by McAfee which surveyed 100 IT professionals at businesses with 500 or more employees, 26 percent of respondents reported targeted attacks to their data centers in the cloud as a serious concern.
As evidence seems to point to targeted attacks as a concern, certainly cyber-related insurance products could be part of the risk management plan. Looking back at the Sony security breach, it appears Sony believes its general liability policy should cover their particular incident; however, the general liability insurer, Zurich, does not. In the article, Zurich lawsuit against Sony highlights cyber insurance shortcomings, ComputerWorld suggests a Cyber Liability policy is better way to insure the security breach exposure as the typical general liability policy is not designed to respond; however, the ComputerWorld article would also seem to suggest cyber coverages are expensive and the coverage is limited. Coverages certainly vary but they are not, perhaps, as limited or as expensive as the article would seem to suggest. For an in-depth comparison of cyber coverages, consider purchasing the recent Betterley Report. Also, use the links below for more info on cyber coverage considerations.