
Another Fortune 500 Company Falls Victim to CyberCrime

Wednesday, December 5, 2018

By Tony Hopkins, CPCU, CIC, CRM

Lessons from Marriott’s Starwood Database Hack 

In late November, another major brand, Marriott, made headlines for a recent cyber-attack. According to Business Insurance, the hackers accessed credit card data for some 327 million customer records containing personal information which may have included passport details, birthdates, addresses, phone numbers, and email addresses. 

While Fortune 500 companies like Marriott garner headlines, according to Advisen and the Insurance Information Institute’s Cyber Risk Report, the reality is that cyber-related incidents have been increasing since 2010. The Ponemon Institute estimated 55 percent of businesses with fewer than 250 employees will experience a cyberattack. The aftermath of a breach costs an average of $1.8 million in damage, theft, and disruption of normal operations.

There are always good lessons to learn from these breaches: 

  • Reputational risk is an ever-increasing exposure. Public relations and the restoration of consumer trust will be an uphill battle.

  • Breaches translate into hard dollars, not just incurred costs. While mitigation will be costly for Marriott, likely hitting the hundreds of millions of dollars, the plunge in their stock and value will hurt and have a long-lasting effect. 

  • Size doesn’t matter. Whether you are a large business with endless resources or a small business with limited resources, you are at risk.

  • Never let your guard down. Hackers can lie dormant in the system undetected for a long time, sometimes years.

  • Be aware of major inflection points in your business such as an M&A. During these deals, a lot of data and information is passed between businesses, making them especially vulnerable to a cybercriminal who has been stalking your business.

  • The buck stops with you. No matter what safeguards you put in place, you and your business are ultimately responsible for any data accessed from any of your systems – social, website, databases, etc.

So what can you do to protect your business? 

First, review your insurance and ensure you have the correct coverage for a cyber incident. Often, organizations incorrectly believe commercial property and commercial theft policies will provide coverage for loss of data, which is considered intangible. Intangible property values often far outweigh tangible property.

Cyber liability insurance is specifically designed to cover cyber-related losses such as: 

  • Breach costs – Costs incurred as a response to a breach. 

  • Media liability – Publication of falsehoods or misuse of trademark or copyright inflicting damage connected to your business. 

  • Cyber business interruption – Interruption or degradation of one of your systems because of a third party blocking access.

  • Hacker damage event – Damaging, destroying, altering, corrupting, stealing or misusing one of your systems or data. 

  • Cyber extortion event – Your receipt, directly or indirectly, of an illegal threat from a person or entity who is not an insured threatening to damage, destroy, or corrupt one of your systems for their own benefit as a condition of not carrying out this threat. 

  • CyberCrime – Money and/or securities transferred, paid or delivered from your transfer account directly resulting from a fraudulent instruction.

Cybersecurity is achievable if an organization’s leaders not only recognize but also acknowledge the risk, make it a priority, and implement the right approaches when the unexpected happens.
