23andMe; Why Cyber Insurance Matters
On Friday October 6th 2023 leading genetic information and analysis provider, 23andMe, announced that it had been the victim of a cyber-attack.
In a blog article posted on their website, the company said that data from users of its service was circling on the dark net. 23andMe went on to state that this was a targeted attack, and that the hacker had released more than one million lines of data for people holding certain genetic markers. The hackers had then requested a ransom and asked for a payment of between US $1 and $10 per account.
The data gathered by the cyber criminals includes in user’s private and personal information, such as names, geographical locations, dates of birth, profile pictures, and genetic results.
While 23andMe’s blog post gives instructions for how users can change their passwords, and institute multifactor authentication following the breach, the breach itself is going to be a concern for the roughly 7 million accounts estimated to be for sale on dark-web criminal platforms. However, concerningly in this situation, according to Tech-news site ArsTechnica the hackers claimed that 23andMe CEO knew that there was a data leak incident approximately two months before the company made any announcement on the matter.
The Growing Issue of Cyber Crime
Cybercrime is on the rise worldwide, and in the last six months alone there have been some serious and extensive breaches at some major organizations and companies. From Sony announcing that it had been the victim of a hack on its PlayStation Network, through to the recent incident with Caesar’s Entertainment and MGM Resorts, virtually every industry and vertical has felt the effect of cybercrime and cyber criminals in the last 12 months. No organization is seemingly immune, as criminals have targeted everything from student file transfer services through to health care providers and hospitals.
In the case of 23 and me this is a nightmare scenario.
Not only have personal details been exposed, but also sensitive genetic information. This could actually pose a serious threat to safety and well-being for the customers of the service. Adding to this, is the issue that 23andMe is alleged to have known about the penetration for months before disclosing this to customers (or regulatory authorities). The fall-out from just this single cyber event is going to be extensive. Unfortunately, it is not an isolated incident, and the cumulative effect of all cybercrime being realized in the modern world should be a wakeup call to businesses and companies everywhere.
The 23andMe Hack and Your Business
With the 23 and me hack there are a number of things going on.
Firstly, there is the issue of a company which holds private and sensitive personal information, having those details be exposed. Most legal jurisdictions around the world have some form of regulation regarding the acceptable use of private data by for profit companies. This would include things like data protection and legal minimum standards to ensure that bad faith actors are not able to access critical information about private customers.
Then there is the potential issue of the fact that 23andMe is alleged to have not informed customers in a timely manner. Again, under many data regulations in the event of a data breach, customers and users of a service normally have the right to know that their personal and private information has been accessed. If it actually took 23andMe two months to notify customers that their personal data had been exposed then there may be significant penalties associated with this delay.
Finally, there is the issue that 23andMe is likely going to experience a severe drop in trust. People are likely going to choose to use the services associated with a competing organization over those offered by 23 and me. This is going to cost the business a great deal of money as subscriptions are canceled and new purchases are reduced.
These three areas are highlights of the situation with 23 and me, which let’s remember is a major international organization, and could realistically impact any business on the receiving end of a cyber event. 23andMe is a well-funded company, with millions of active customers, and an extensive international reach. A breach of a company of this size should be concerning to all smaller and medium sized enterprises worldwide.
Future Assistance with Cyber Insurance Today
In an age where you’re almost guaranteed to experience some form of cyber-attack on your business it’s not a question of “if” you will become a victim but rather “when.” While no security system can completely secure your business from a persistent and determined cyber-criminal, it is always important to be prepared.
Part of that preparation should be looking at some form of Cyber Insurance.
It is important to realize that cyber insurance is not a one size fits all solution to digital risks; cyber insurance is, in fact, an infinitely customizable product that will enable a business (or other organization) to protect against their biggest digital risks. It is also important to note that cyber insurance is not a perform of Professional Liability Insurance - this means that cyber insurance does not cover a business for errors or omissions that may occur in their digital work.
When it comes to cyber insurance you get to decide exactly what you include in your policy. The benefits or protection that you can receive may include things like: data breaches, global cyberattacks, breaches of vendors or other third parties, and terrorist attacks. The coverage is extremely broad because the nature of cybercrime is constantly evolving. This type of insurance is designed to offer a comprehensive umbrella of protection to the organization it is covering. As part of this cyber insurance actually goes beyond just the immediate cyber-attack.
In fact, many cyber insurance products available in Hong Kong (and elsewhere around the world) will provide extensive complementary support with the benefits on offer. This means that cyber insurance is often able to provide financial assistance if you have to defend yourself in a lawsuit or regulatory investigation, and is often able to provide top up insurance in addition to any existing coverages you may hold. Further to this cyber insurance underwriters will normally provide crisis management services that enable you and your workforce to overcome the event that you’re facing with the assistance of a dedicated team of experts to support your ongoing activities.
This means that even if you’re facing regulatory action by the government and possibly even extensive fines, or you’re being sued by a customer whose data has fallen into criminal hands, cyber insurance provides an expansive blanket of coverage against most eventualities related to cybercrime and cyber events.
The worst possible outcome for a business in the modern world is to be the victim of cybercrime but have no backing. Paying fines out of company funds, having a deal with the interruption that a cyber event will have caused to your business, and the negative reputational impact that will come as a result of being a victim to cybercrime, can all cripple a business that does not have proper support.
Hong Kong Cyber Insurance from CCW Global
It’s important that all businesses and companies in Hong Kong be aware that, at any time, they could be the victim of cybercrime. With cyber criminals growing more audacious and ambitious, even small companies present attractive targets. No matter whether you’re a multinational corporation or a small independent financial services firm, experiencing a cyber attack without the support of proper insurance can be catastrophic.
CCW Global’s expert business insurance brokers have extensive experience in assisting private organizations and businesses in finding the perfect level of cyber insurance coverage. working with a range of different international and local insurance companies, our advisors will work with you to craft a policy that covers you against your major cyber risks.
If you are concerned about the growing rate of Cyber Crime and want to understand how to better protect your business, please Contact Us Today.
Ask CCW – We’re Simplifying Your Insurance.