If only underwriting cyber risk was this easy.
Advisen asked a couple of questions at the end of a survey seeking nominations for our first-ever Cyber Risk Awards on June 18. One was: What is the most significant news story to impact the cyber risk community in 2013?
Predictably, the overwhelming response was the late 2013 data breach at retailer Target. No shock there.
“Obviously Target,” one answered. Well, it was worth asking the question.
Seventy-nine percent— 86 of 109—of responses to this question mentioned Target. Turns out a data breach potentially affecting 1-in-3 Americans made an impression.
More interesting are the thoughts of those who spent additional time answering the inquiry.
“The Target breach had one of the greatest impacts because so many individuals were affected and it involved a simple ‘window of opportunity,’” said one. “Precautions to protect data are often overlooked and can be quite simple, but are often not in place to protect identity theft.”
Of Target, another respondent added, “This breach shook consumer confidence across the country as well as demonstrated a breach’s ability to financially harm a business’s bottom line—both stock price and sales. This breach sent a message that no one is safe. Not even the No. 3 retailer in the US [and it] has also reignited talks surrounding a national notification standard.”
The massive breach is, in a way, credited for bring the need for cyber insurance to light. While true, the significance of the event “highlighted the secondary risk to an organization from a business-transaction perspective, including vendors who would not appear to present an imminent threat to information security,” wrote another individual.
Target was not the only cyber-related event in 2013, of course. Other responses included breaches at Adobe, Neiman Marcus, Walmart, Pintrest and “Target et. al.” Bitcoin received several nods, as did the coverage litigation involving Sony and Zurich.
Eric Snowden’s NSA leaks also drew repeated interest as a significant story, with one respondent prefacing his comment with “As an American citizen…” before adding Target as the most significant story as “a cyber and privacy risk expert…”
Government regulation, the NIST framework, and a move toward improving credit card technology were also mentioned as significant stories.
The comments are additionally interesting when thinking of the Target breach as a market-turning event. It looks as if buyers, sellers, risk managers and attorneys agree this breach was a big deal but it doesn’t appear as though it will lead to the end of deals for buyers. There’s just too much capacity.
And according to some respondents, the Target breach may not be the wake-up call sellers hope.
This dynamic–the pulling forces of awareness, forced awareness (regulation), risk management, litigation, supply and demand–will be interesting to watch as insuring cyber risk continues to grow up.
