palletcentral

May-June 2017

Issue link: http://palletcentral.uberflip.com/i/842358

this still leaves a large segment of industry outside the traditional buyers with exposure to cyber loss. No industry is immune. Any company, large or small, can be targeted. It's not just the Home Depots and Target Stores that we've heard about in the news.

Data breaches are often thought of as the result of specific, targeted, criminal actions. However, more data shows miscellaneous errors as a leading factor in almost a quarter of all data security incidents. Misuse of privilege wasn't far behind.

I find misuse of privilege interesting. Almost 80% of the attacks on company data are actually executed by employees or ex-employees. And it's a totally different ballgame if someone abuses privileges they hold legitimately. Abuse of legitimate privileges can be considered a database vulnerability if the malicious user misuses their database access privileges. OK, that's a mouthful. For example, an IT person at your company looks into data that he or she has no business knowing, such as individual employee compensation. And, from there, what if that information is leaked and causes harm to the company? It is true that this could also be an application problem, but typically that is not the case.

Keep in mind that it's not just the outside threat, i.e. a former disgruntled employee, that poses a problem to your sensitive data. Over 60% of cases involved abuses of privileged access. Privileged access here means personnel approved for access to certain data. However, data mishandling and/or unapproved hardware and software applications have all been involved in claims activity. In addition, possession abuse, email misuse, knowledge abuse, and illicit content, to name a few, also come into play.

The majority of perpetrated acts have come through malicious email attachments, drive-by downloads on websites, or a hybrid-type approach where a malicious email contains a link to a website with harmful downloads.
The golden rule here is: if you are not sure the email is safe to open, don't open it. This doesn't mean that every email that sits in your email spam bin is a bad email. However, practice caution here.

Regarding credit cards, vendors continue to be a leading source of incidents. There are numerous types of malware that may be used in an attack. Fortunately, Europay MasterCard Visa (EMV) standards required as of Fall 2015 have helped curb this area of malware attack, but for those not up to EMV standards, the exposure is very real.

So, with everything said to this point, what exactly is cyber-insurance? The short version is that cyber-insurance is an insurance product used to protect businesses and individual users from internet-based risks. Risks of this type are typically not addressed in general liability policies, or are excluded from what we might consider a traditional business policy.

With a cyber-specific insurance policy, coverage will typically include first-party coverage against losses that can include data destruction, extortion, theft, and hacking. In addition, a cyber-liability policy will typically indemnify a company for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation. Other coverage benefits may include post-incident public relations, investigative expenses, and criminal reward funds. Each insurer's policy will vary, but this gives you an idea of the coverage provided.

Cyber insurance premiums are expected to grow from the neighborhood of $2 billion in 2015 to an estimated $20 billion or more by 2025. Insurers and reinsurers are continuing to
