Today’s hackers have become so sophisticated that they can overcome even the best network security measures.
Hackers have also figured out that staffing firms, which typically store thousands of Social Security and driver’s license numbers in their databases, make for enticing targets.
Not just big firms need to be on guard. In fact, a company with fewer than 10,000 records is more likely to be hacked than a firm with more than 100,000 records.
That is because hackers long ago figured out that smaller firms, which represent the preponderance of staffing outfits, are less likely to have robust defenses in place to fend off cyberattacks.
The staffing industry isn’t doing itself any favors on this score, given its wide use of social media and other poorly secured web sources to gather information on placement candidates.
Industry consolidation and the rising use of mobile technology also leave staffing firms at greater risk of a cyberattack.
IBM Security recently estimated that the average cost of a data breach is $158 for every lost or stolen record.
No wonder cybersecurity insurance has seen so much growth. PwC, the giant consulting and accounting firm, forecast that the global cyber insurance market will reach $7.5 billion in annual sales by 2020, a $5 billion increase over a five-year timeframe.
With all of this in mind, the question for any staffing firm owner isn’t whether they should buy cyber coverage, but how much of it they might need.
The answer to that isn’t overly complicated. If the average cost of a breach is nearly $160 per record, just multiply that dollar figure by the number of records you keep. Coverage is typically sold in $1 million increments, so a firm with 10,000 records, facing roughly $1.6 million in potential breach costs, would want at least $2 million in coverage.
Unfortunately, the insurance policies written to cover cyberattacks are anything but simple. Adding to the confusion is the lack of standardization in insurers’ forms, making it tough to compare one against the next.
That said, there are three areas of coverage at the heart of cyber insurance:
- Liability. This pays for the defense and settlement costs arising out of a company’s failure to properly care for private data.
- Crisis management. This addresses the response costs following a data breach, including investigation, public relations, customer notification and credit monitoring.
- Regulatory fines and penalties. We’re talking about the costs to investigate, defend, and settle fines and penalties that may be assessed by a regulator. Be careful here, however, because many carriers do not provide this coverage, although there can be coverage for defense costs.
What else should a staffing firm owner think about?
Look for coverage that applies to employee data as well as customer information. There are policies that cover only one or the other, so the broadest coverage is what you want.
Because so much business nowadays is conducted in the cloud, you’ll want a policy that covers information in the “care, custody, or control” of your vendors. Some policies limit coverage to information in your own care, custody, or control.