Cybersecurity Misconceptions

Morgan O'Rourke


October 3, 2016

cyberrisk mistakes

Unsurprisingly, cybercrime and data breaches are a booming business that Juniper Research has estimated could cost companies more than $2 trillion a year by 2019. According to a report by Assurex Global, however, many companies are still operating under a number of misconceptions about cyberthreats.

The first of these is that cybercrime only happens to large companies when, in fact, smaller companies are sometimes more vulnerable since their cybersecurity efforts are often less sophisticated than those of their larger counterparts.

The second misconception is that only certain types of businesses are targets, when it is clear from the growing number of victims that all businesses are vulnerable. Many companies also mistakenly believe that they can self-insure against a data breach, but with the average total cost of a breach reaching $4 million and defense costs increasing, Assurex contends that self-insuring is not feasible.

Finally, many companies believe that outsourcing their network security, data management and payment transactions means they are protected. The reality, however, is that the original data-owner will be named in third-party lawsuits and held liable in most jurisdictions, and indemnification provisions in vendor agreements will likely contain exclusions and caps, making them insufficient shields against liability.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS)