Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Cyber breaches inevitable; business leaders advised to be prepared

Reprints
Cyber breaches inevitable; business leaders advised to be prepared

CHICAGO — When it comes to data breaches, it's not a matter of “if,” but “when,” speakers said during the National Risk Retention Association's conference in Chicago.

With more than half of all risk-retention groups involved in the healthcare industry, there's a lot of private information to protect, speakers said during a Tuesday panel on cyber security. And though they said it's impossible to prevent breaches entirely, preparing for them makes a huge difference.

“There are a lot of frameworks out there that help you build this risk mitigation strategy,” said Ryan Johnson, Raleigh, North Carolina-based director for Alvarez & Marsal L.L.C. “It's getting your incident response policy lined up, it's having counsel lined up, it's having a third party expert lined up so that when it happens, you follow your process. … Preferably that expert and that council know enough about your organization that it's not starting from zero when they get the phone call.”

As many employers have learned the hard way, the fines associated with breaches can be significant, said Nick Economidis, Houston-based underwriter at Beazley Group.

Some large organizations have been fined millions of dollars, while smaller organizations might see fines of several hundred thousand dollars, Mr. Economidis added.

“We have to get out of the mindset of 'if we get breached,' ” Mr. Johnson said. “If you have more than 100 computers then it's absolutely not 'if,' it's going to be 'when.' And whether you end up on the cover of The Washington Post or The New York Times or Brian Krebs' (security news) blog is going to be highly dependent on how you have prepared for what is inevitable.”

Read Next