Our traditional approach to cyber risk and security has been focused on privacy and financial data. The data breach or loss concerns that typically rank high on our risk ratings are private and confidential data like names and social security numbers with other identifying non-public information and financial data like credit cards numbers and transactions. We assess potential dollar loss from this type of incident and, to mitigate risks, some obtain cyber insurance coverage. Finally, in order to assuage the concerns of impacted customers of a financial data breach, the breached company may offer credit monitoring for a year.
Some recent breach incidents, however, do not fall within that paradigm and can turn traditional risk management prioritization on its head. The impact from breach of a new class of data that we call BPI (Business practices/Personal data/Intellectual property) can create different kinds of problems for the breached company as well for its employees and even business associates and partners. [Read more…]