More Oklahoma businesses are purchasing cybersecurity insurance amid nationwide concern about digital safety. But experts say buying coverage alone isn't enough. Journal Record editor Russell Ray discusses tips for digital hygiene and why cybersecurity is a two-way street for businesses and contractors.
Drew Hutchinson: You’re listening to the Business Intelligence Report, a weekly conversation about business news in Oklahoma. I’m Drew Hutchinson, and as always, joining me is Russell Ray, editor of The Journal Record. So this week, I’d like to talk about what Oklahoma businesses are doing to protect themselves in the event of a cybersecurity breach. Journal Record reporter Steve Metzer wrote in a recent article that we’re seeing more and more businesses purchase cybersecurity insurance. Russell, why is this?
Russell Ray: Well, there’s a lot more risk doing business nowadays. As businesses use more technology, the risk of being hacked grows. This has led to a growing market for cybersecurity insurance in Oklahoma and nationwide. The market for this type of insurance was $2.5 billion in 2017 and is expected to grow to $7.5 billion in coming years. Experts tell us traditional commercial coverage may not cover cyber attacks. And so this type of insurance would cover a range of losses related to data destruction, extortion, crisis management and legal claims.
Hutchinson:. And as the Journal Record story says, this has led to the emergence of cybersecurity insurance as a stand-alone line of coverage. And you said, the insurance may protect against losses like theft, extortion demands and other kinds of privacy violations. But even then, Tom Vincent, who is an attorney from Tulsa, said purchasing insurance isn’t enough by itself.
Ray: Well, yes. There are a lot of things businesses can do to protect their assets from cyber attack. You have to have the right computing policies in place to avoid threats that occur from within your business and outside your business. Employees should be aware of what they should not be doing and what they should be doing when dealing with emails and third-party vendors. And we were told most data breaches are unintentional and the result from simple mistakes by employees and even executives.
Hutchinson: And Vincent also advised that electronics should be encrypted and not just username- and password-protected. And for those who don’t know, “encryption” refers to the process of converting data or information into a code that is unreadable to unauthorized users. Now, going back to the insurance itself, another attorney in the story said that cybersecurity insurance is something that clients or vendors may start expecting companies to have. But it’s also a two-way street.
Ray: That’s right. The source of many cyber threats can be found in the communications systems of contractors. It’s important to assess those systems for any vulnerabilities hackers might take advantage of. Moving forward, cybersecurity insurance may become a routine standard for all business relationships.
Hutchinson: Right. Vincent said it’s very important for businesses not just to understand what their own insurance covers, but also to understand what a vendor’s insurance covers.
Ray: Yes. Under Oklahoma law, the liability for businesses can be as high as $150,000 per breach. And that cost does not include additional costs, such as refunding customers for lost services or the cost of shutting down your business due to a crippling cyber attack.
Hutchinson: So on the flip side, what are some reasons why companies sometimes choose to forgo purchasing cybersecurity insurance?
Ray: Well, many companies forego the cost of cyber insurance citing perceived high costs of policies and premiums, confusion about exactly what they cover, and uncertainty that their organizations might suffer a cyberattack.
Hutchinson: Russell Ray is editor of The Journal Record. KGOU and The Journal Record collaborate each week on the Business Intelligence Report. You can follow us both on social media. We're on Facebook, Instagram and Twitter: @journalrecord and @KGOUnews. You'll find links to the stories we discussed during this episode at JournalRecord.com. And this conversation, along with previous episodes of the Business Intelligence Report, are available on our website, KGOU.org. While you're there, you can check out other features and podcasts produced by KGOU and our StateImpact reporting team. For KGOU and the Business Intelligence Report, I'm Drew Hutchinson.
The Business Intelligence Report is a collaborative news project between KGOU and The Journal Record.
As a community-supported news organization, KGOU relies on contributions from readers and listeners to fulfill its mission of public service to Oklahoma and beyond. Donate online, or by contacting our Membership department.