The hack of global giant Ticketmaster is a timely reminder of the importance of cyber risk management and cyber insurance for businesses of all sizes, according to international insurance broker Gallagher.
In late June Ticketmaster revealed that its British business had been exposed via customer support software from a third party. According to ABC, around 30,000 customers in the UK were identified as being affected by the breach, with international customers who purchased or attempted to purchase a ticket between September 2017 and 23 June 2018 also potentially impacted.
Brett Parnell, a cyber insurance specialist from Gallagher’s Professional & Financial Risks team, said that the breach emphasises the need for businesses to ensure they have cyber risk management controls in place, and a cyber insurance policy that can respond in the wake of a breach, particularly around the use of third parties.
“This incident highlights the potential vulnerability clients face when using third-party software providers and integrating systems, and reinforces the importance of vendor management and undertaking appropriate due diligence,” Parnell said.
“Before allowing a third party access to sensitive customer and business data, the third party should be properly reviewed or vetted.”
Parnell added that this review should include security checks to ensure that third parties have systems in place which comply with legislation such as the Notifiable Data Breach scheme in Australia and GDPR in Europe. Reviews should also include an analysis of cyber insurance coverage.
For third-party vendors, Parnell said that cyber insurance can be “a ticket to growth” as it helps show a potential partner that the business takes its cyber risk seriously and is ready to respond in the event of emergency.
“When you’re negotiating contracts, cyber insurance can put you ahead of competitors that don’t have it in place. It’s a sensible part of any business risk management strategy.”
How cyber insurance can help
Following the breach, Ticketmaster has had to deal with forensic examinations of its systems to identify and contain the breach, and roll out an extensive PR strategy to attempt to limit reputational damage and notify all customers who were potentially impacted. Parnell noted that each of these costly and time-consuming elements may be covered under a cyber insurance policy which can rapidly respond to a breach in any circumstance.
“A cyber policy is really designed to be an incident response policy,” Parnell said. “Rather than waiting to go through a long and drawn-out process of legal recourse against the vendor, the cyber policy gives a business the opportunity to respond to the incident, get those specialist services in early and get on the front foot as time is so crucial in these sorts of events.”
To add further intrigue to the Ticketmaster attack, it has been reported by BBC News that Ticketmaster was made aware of the potential vulnerability months prior to discovering that its systems had been breached.
“That reinforces the importance of cyber risk management to be a board-level issue and not just resting in the IT department,” Parnell continued.
Cyber risk a concern for SMEs too
While Ticketmaster is an international giant, Parnell said that the breach reinforces the need for all businesses to better understand their cyber risk management and cyber insurance options, regardless of size.
“All companies need to be aware of the brand and reputation damage that cyber breaches can lead to,” said Parnell. “That’s why cyber insurance is as relevant to a small business owner as it is to multinational companies.”