We all know there are data scammers out there – but do you really understand the threat they pose and why insurers and brokers are such a key target? New information revealed by BT has spelt out the dangers.
According to the Hidden Data Economy Report, published by Intel Security, personal information is being sold for around £25 on the aptly named “dark web” – but is often worth thousands to criminals. The report reveals that a payment card with bank ID number and CV2 is worth around £17.40; while adding the person’s date of birth takes the value to £20.90; with the amount leaping to £24.38 if it includes an owner’s full name, billing address, expiration date and their mother’s maiden name.
According to the study, the market for such data is booming with John Marsden, who is responsible for UK ID and fraud business at Equifax, stating that “there are around 20 million customer records for sale.”
The issue becomes particularly pertinent for insurers and brokers who naturally hold the details of so many clients on their databases. They are an obvious target for hackers – much like the healthcare industry, according to Paul Nikhinson, privacy breach response services manager for BBR Services, speaking in the
Beazley Breach Insights Report.
“Clearly, new malware programs, including ransomware, are having a big impact,” he said. “Hacking or malware was the leading cause of data breaches in the healthcare industry in 2015, representing 27 per cent of all breaches, more than physical loss at 20 per cent.
“Healthcare is a big target for hackers because of the richness of medical records for identity theft and other crimes. In fact, a medical record is worth over 16 times more than a credit card record.”
John Marsden at Equifax believes that keeping data safe will continue to be a talking point as it is the “key to everything we do”. He states that data breaches should be taken “very seriously as it’s the biggest threat for us all.”
With that in mind Beazley Insurance has issued five steps it believes that organisations can take to protect their data.
- Train employees to be aware of the information they need to protect - personally identifiable information (PII) and protected health information (PHI) - and to avoid falling for phishing attacks and other forms of social engineering.
- Develop a robust incident response plan. Data breaches cannot be well handled on the fly. Advance planning can help avert serious reputational or financial harm. A well thought out and practiced incident response plan should guide management through the life cycle of a breach – from the initial suspicion that something is amiss to full-blown forensic analysis, legal advice, customer communications and PR assistance.
- Categorize potential data risks by threat level. Over-reacting to a breach can be as damaging as under-reacting.
- Review supplier contracts carefully to ensure that your customers’ data is well protected when it is in the hands of suppliers or vendors.
- Encrypt data, particularly mobile devices, laptops, and thumb drives, which are most likely to be lost.
RELATED LINKS:
Biggest UK firms tap Munich Re, Beazley for cyber protection
Beazley retains crisis management response company