The Information Commissioner's Office has slapped a £120,000 fine on Greenwich uni after a security cock-up by its maths and IT department compromised the data of almost 200,000 individuals.

It is reasonable to assume that the amounts incurred could have exceeded £120k, as fines are only one of the potential consequences of a data breach.

One way to mitigate costs and potentially avoid fines would be to engage cyber-related vendors, such as risk analysis tools, PR companies and cyber security firms.

The Corax-Clyde study shows that incident resolution costs are 50% lower when engaging panel vendors rather than non-panel vendors, which is a huge factor to consider when taking out cyber insurance. Other than the limit of indemnity, what else matters: reputation? Balance sheet? What more does your insurance policy offer you?

Some key findings from the 2018 Corax-Clyde Cyber Breach Insights Study:

  • It takes 3 years to resolve an incident from discovery of the breach. After 3 years, insurers are no longer receiving invoices to settle.
  • 38% of the breach events had a zero record count, meaning no personal records were impacted.
  • Forensics costs were the most expensive type of cost, and these were not driven by record count.
  • Leisure/Retail/Hospitality, Financial Services, and Professional Services had very similar numbers of events.
  • Data breach events involving unauthorized access or manipulation (29%) were caused by internal and external parties.
  • Event costs: mean $444k, median $18k, maximum $21m. Such a wide range of potential costs is typically a driver to purchase insurance.