Tech Insurance Firms Get Cyber Security Boosts
By Lou Ortiz
The cyber security industry just watched as corporate downsizing and layoffs took their toll during the recession, which sort of passed it by — because the growing $20 billion-plus a year industry was too busy making money.
The cyber industry provides security for a growing sector of the US online economy, which accounted for $347.8 billion in revenue in 2011, according to Los Angeles-based Business Information Systems (IBISWorld), which analyzes many economic sectors and forecasts trends.
The online sectors include e-commerce, credit card processing and money transferring, search engines, travel computer reservation systems, and survey and recruitment sites.
While such companies "will likely incur higher costs for the measures they employ in securing customer and internal data, other industries will benefit from their demand for such services," said Josh McBee, a cyber security consultant with IBISWorld.
In the Miami area, those security firms include Terremark, Grove Networks Inc. and Compuquip Technologies, as well as firms like Wilson, Washburn & Foster Insurance, where businesses go to buy liability insurance in the event of data breaches.
"We’re starting to see more people with interest in that," Tom Washburn, CEO of the Miami-based insurance firm, said about liability products. "It’s becoming more important as businesses migrate online."
But industry officials say that companies still don’t get it: the potential threats, the need for security, and the need for liability insurance.
Small and mid-sized businesses without cyber protection, industry officials say, will either pay the pros to get on board with security or pay with their customer base and other penalties when — not if — hackers come in and snatch sensitive information.
"It’s our biggest struggle when talking with companies about security," Eric Dosal, president and CEO of Compuquip Technologies in Doral, said about companies coming to grips with online threats. "The larger guys know why they need [security] solutions."
But the smaller and mid-sized companies ask, "Who’s going to hack me?" he said. "It’s more about understanding the risk that you have. What happens when the files are breached and the client information is out there? What is that going to do to your company? It takes a lot of education."
Allen Cross, an Atlanta-based retail insurance broker who works with Mr. Washburn’s firm, said companies incur a host of costs and liabilities when their data is breached or compromised by hackers or company employees.
Mr. Cross said a firm must pay to notify customers of the breach, pay for the cost of an investigation into the leak, pay for any government penalties for failing to protect the information, and pay to defend itself against possible lawsuits and potential damages.
"Companies are required by law to protect the information," he said. "It can turn into a public relations nightmare, besides paying to restore your brand and good name."
"We have written $100 million in premiums and paid $30 million in losses over 10 years," Mr. Cross said about online data breach insurance products, which cover the potential company liabilities he talked about earlier. "Eighty percent of businesses do not have insurance."
Mr. Dosal said some companies wait too long to install security.
"It’s disasters that make the sell," he said. "The majority of the hackers are young and they are out there doing it because it’s fun."
Mr. Dosal said the need for cyber security has been increasing, especially since 2002. "When the recession hit," he said, "we barely saw a decrease in volume."
Mr. Dosal likened cyber security to playing defense in football. Hackers may score occasionally, he said, but it might be easier to swallow if they score a field goal instead of a touchdown.
Andy Judge, founder and president of Grove Networks Inc., said installing cyber security "is more of a health insurance policy. It’s being proactive. You want to reduce the risk, and the way to do that is build a security wall around it."
"We’ve had a good amount of business for a long time, and it continues," said Mr. Judge. "We service financial institutions and very large banks, both here and internationally. Great companies try to leverage technology to get ahead."
Companies need to "look at best practices," he said about cyber security. "They need to look at a comprehensive firewall that can do various intrusion preventions… border patrols for spyware and viruses. It’s always best to find a firewall with gateway security."
"It’s a process," he said. "Security does not happen with a one-two check. We have a checklist that we go through. User education is another thing we go through. You need a support company."
Encryption, which makes the data unreadable, and software developers also play critical roles in cyber security.
"Terremark deals with encryption in various ways," Mario Santana, vice president of secure information services at Terremark, a Verizon company, said in a statement.
"First of all, we obviously employ encryption in our own business, as well as in many of our products and services," he said. "Additionally, we provide some specialized security services involving encryption, such as the ability to monitor a customer’s encrypted communication channels for malicious or unauthorized activity."
"In order to provide some of these specialized security devices," Mr. Santana said, "Terremark invests significantly in custom software development."
According to Georgia-based Insuretrust, companies are at risk if they store social security numbers, addresses and telephone numbers, emails, credit card information, financial records, investments, pension information, retirement accounts, bank information or payroll direct deposit, credit information or reports, health records, and user names and passwords.
"It’s expensive to notify your customer base that you’ve been violated, so to speak," Mr. Washburn said. "And it’s expensive to maintain credit files to see if they [customers] are having problems because of this violation."
The average cost of a compromised record in 2011 was $214, according to the Michigan-based Ponemon Institute, which conducts research on data protection and information security policy.
"The fact is that individuals care deeply about their personal information and they lose trust in companies that fail to protect it," the institute said in the 2011 data breach report.
Mr. Dosal said cyber security is about "understanding your risks." Businesses need to look for a "company with expertise to put the security pieces together. You want it to work properly and fit the business. Putting those measures in place are critical."To read the entire issue of Miami Today online, subscribe to e -Miami Today, an exact digital replica of the printed edition.