Technology has transformed the business world and, with it, the corporate risk landscape. Whether it is the dependence on laptops and smartphones or sophisticated networks that connect employees of large corporations around the world, technology is now a significant part of everyone’s life. Today, every organization uses technology as a means of delivering its product or service and that technology has brought new exposures as well. Depending on an organization’s reliance on that technology, the exposure to risks can vary greatly:

Personal Information
Corporate Information
Failure of Network Security
Regulatory Requirements
Regulatory Proceedings
Internet Website
Social Media
Extortion
Business Interruption
Damage to Digital Assets
Third Party Vendors
Technology Services
Industries

Personal Information

Organizations have been storing and handling sensitive personal information on employees, customers, students and other individuals since such information has been available. Advances in technology, however, have made it easier to store, transport, steal and simply lose sensitive information. Technology has also made safeguarding client trust and corporate reputations following privacy breaches far more difficult.  As the collection and storage of personal information increases, and further laws and regulations are issued, the exposures to companies are also expanding.  Something as simple as a lost laptop can result in significant costs including legal, computer forensic notification, call center, PR, crisis communications, fraud consultation, credit monitoring, identify restoration, regulatory fines and legal damages. 

Corporate Information

Organizations share sensitive corporate information with third party organizations in order to transact business. To protect the confidential nature of such information, such organizations regularly require the recipient of that information to sign a nondisclosure or confidentiality agreement. These agreements typically hold that the recipient of all non-public, financial, business and technical information shall be barred from disclosing such information to another party unless the information is already known to the recipient independently, developed by the recipient, lawfully required to be disclosed or information that the disclosing organization has explicitly permitted to be shared by the recipient with others. Failure to comply with these agreements can result in significant financial loss.

Failure of Network Security

Every organization today relies on availability of its network to better deliver its products or services.  But what should happen if the network were no longer available due to unauthorized access to the network, a denial of service attack, the transmission of harmful code or other network security attack?  An organization’s ability to provide its products or services to customers can be materially affected if the network is suddenly not available – leading to liability.

Regulatory Requirements

The failure to comply with legal and regulatory obligations places corporate reputations at enormous risk. Given the potential loss in consumer confidence, many companies historically sought to keep security breaches quiet.  With state, federal and foreign notification laws making it illegal to sweep privacy breach events under the rug, keeping silent is no longer an option.

Regulatory Proceedings

Increasingly stringent laws and regulations enacted over the past decade have elevated a company’s duty of care for how it safeguards personal information and protects its networks from attack. Staying compliant with the growing number of state, federal and foreign privacy regulations has become an increasingly daunting task. Consequently, the number of investigations by the regulatory agencies charged with policing those regulations is on the rise. Is your organization prepared for the financial burden of the legal fees and fines that can arise from a regulatory proceeding?

Internet Website

An organization’s internet website has become the primary delivery mechanism for how it advertises and provides information to it customers, patients, students and employees. What was once a simple paper brochure can now be loaded onto the Internet for the entire world to see in just a matter of seconds. But traditional media exposures still exist regardless of the platform. Infringement of copyright or trademark, invasion of privacy, libel, slander, and plagiarism are as real on the internet as they are on paper. Liability can also arise out of an organization’s negligence arising out of the distribution of electronic content on the Internet.

Social Media

In less than a decade, social media has, in many ways, taken over the world. This is not hyperbole. Facebook, one of the largest social networking sites in the social media universe has roughly twice as many members as the population of the United States.  Unlike traditional media, social media offers an interactive experience where consumers/readers can talk to the authors of that information. Of course, there is a downside. Social media makes possible a whole new world of reputational, legal, and operational risks.

For more information, read the ACE Progress Report^SM on social media.

Extortion

If a hacker is successful in identifying a vulnerability in a company’s network security they often look for ways to monetize that discovery. One way hackers have sought to monetize their attacks is through network extortion. One example could be a CEO who receives a menacing email from an unknown assailant threatening your company with a DDoS attack unless you wire $50,000 to a foreign bank account. He then proves he can make good on the threat, shutting the organizations servers down for a two-hour period. The company’s defenses are in place, but this may not be sufficient for an attack that generates 1,000 times the traffic it is accustomed to managing in real-time. The most common forms of network extortion arise out of a criminal threat to release sensitive information or bring down a network unless such consideration is paid. The FBI advises that network extortions are common.

Business Interruption

Hackers are constantly searching for a vulnerability in your organization’s operating system to exploit. If successful, the perpetrator can delete vital application files, rendering elements of your system useless, and resulting in outages that can last hours, days and even weeks. Consultant’s fees to remediate this disaster mount quickly and your business partners become increasingly infuriated. Customers are also unable to access your website, and the lost revenue can impact your bottom line.

Damage to Digital Assets

Your business’ future relies upon the new product plans housed in your database. The security and integrity of these intangible assets is paramount. A hacker, disgruntled employee or independent contractor can illegally access and destroy several critical files, imperiling the results of months of hard work. Computer forensic specialists may be able to recover this information, but at what cost?

Third Party Vendors

In an era of global outsourcing risk managers should recognize that privacy and network security risks do not end at corporate firewalls. Any company that entrusts outside contractors to handle its sensitive data - including employee benefit firms, consultants and customer call centers - ultimately bears the burden of any privacy breach stemming from the outsourced operation. If your customers are affected by a data breach, your company is obligated to respond regardless of who made the error.

Technology Services

Technology allows businesses to operate more efficiently and the firms that provide the services to deliver technology have become increasingly in demand. As a result, the technology service industry has been one of the fastest growing industries in the last twenty years. At its core technology providers provide information technology consulting and information systems analysis, design, programming or integration. Examples of technology service companies include application service providers, data processors, managed services providers, co-location facilities, software engineers and developers, technology consultants, website operators, internet service providers, and systems integrators. Similar to other professional service providers, technology firms can see liability claims arising out of an error or omission in their failure to provide these services to its customers.

Industries

Technology
Retail
Healthcare
Financial Institutions
Education
Government
Professional Service Firms