Your browser (Internet Explorer 7 or lower) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.

X

Navigate / search

The 4 Myths of IT Data Security

October 6, 2017

Online FraudMyth #1: We really don’t have any confidential information to protect.

You might think an old-line manufacturing company has little or no exposure to a network security event. However, they more than likely hold data on their current employees, and probably have information on employee prospects as well as recently-terminated employees. They also likely hold the design plans of key customers, acquisition targets and partners. Virtually any business has billing records of many customers on hand, which often contains sensitive data.

Myth #2: We use a third-party vendor so we do not have the exposure.

Using a third-party vendor may actually present additional exposure to your business. As your systems link with other systems and connect with other companies’ data, you take on the added exposure of potentially corrupting or breaching the data of multiple businesses due to your processes and your people.

It’s also important to fully understand the indemnification agreements and hold-harmless contractual wording in place with the third-party vendors, and to verify that they have adequate resources, including insurance, to back their indemnification obligations to your business.

Myth #3: Our IT Department assures us that we do not have any exposure.

Consider the recent Sony case. This is an example of a large, sophisticated company with the latest and greatest technology protection that was hacked with apparent ease. Businesses with the best controls still have data breaches. You can’t engineer the people-factor out completely: Laptops get stolen, and PDAs get left in airports.

There have been reports of the FBI, the State Department and multiple Fortune 500 companies being hacked despite sophisticated control measures and teams of people working to protect their systems. An IT manager who says their systems are impenetrable is either extremely naive or horribly overconfident.

Myth #4: Hackers only attack large companies.

A new 2016-2017 Radware’s security report found that 98 percent of organizations survived the cyber-attack in 2016. Thirty-one percent of these attacks were committed against small and medium-sized businesses with less than 250 employees. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.

For more information, please contact your local Marsh & McLennan Agency representative or visit: marshmma.com/cyberliability


This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Marsh & McLennan Agency LLC shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting or legal matters are based solely on our experience as consultants and are not to be relied upon as actuarial, accounting, tax or legal advice, for which you should consult your own professional advisors. Any modeling analytics or projections are subject to inherent uncertainty and the analysis could be materially affective if any underlying assumptions, conditions, information or factors are inaccurate or incomplete or should change.