Almost 15% of systems remain vulnerable two years after the identification of the "Heartbleed Bug". Researcher Robert David Graham reported his results after completing scans on the 1.5 million systems that supported the bug. What should you be thinking?
What is the problem with this scenario? Most IT personnel will tell you the bug compromises security for applications including web and email, basically allowing cyber criminals to watch what you are doing. If two years have passed and systems are so vulnerable, what are the chances you or your third-party vendors are being impacted by this bug?
Can't my IT team detect this?
If you read the article (http://heartbleed.com/) "exploitation of this bug does not leave any trace of anything abnormal". Quite concerning to think someone could be tracing your actions undetected. This vulnerability can only be fixed as patches become available.
From an insurance standpoint
Unlike most types of crimes insurance professionals deal with, cyber crime can be mysterious. Unfortunately, cyber criminals are not breaking into your building and can't be easily caught by the police. This means most cyber activity goes undetected for a very long time.
When we work with business on cyber insurance, most are unaware of the IT infrastructure they have in place. This can make purchasing coverage difficult when it is hard to comprehend what type of exposure the organization is open to. These problems only mount when you consider the increasing number of clients and vendors interacting with a business every day.
Talking with an insurance professional about your cyber exposure should be a top priority. This exposure can have a large financial impact on your business and can be very hard quantify. It's time to start thinking about how cyber exposure might impact your business.
What do you think?
The Base Team
Insurance made easy. How we can make insurance better for you?