Engineering Inc. - July/August 2015 - (Page 38)

Guest Column

The Business Case for Cybersecurity

By Glen Mangold and Charles Kopplin

There are two types of firms: those that have been hacked and those that will be hacked. Just because you don't hear about it in the news, don't assume that professional service firms are not targeted by hackers. The 2014 NetDiligence® Cyber Claims Study found the professional services sector tied for the third most claims out of 13 different industry sectors. In addition, 23 percent of all claims came from firms with less than $50 million in revenue.

All engineering firms need to proactively address cybersecurity and the risks associated with online data. Small firms are targeted more because they have fewer resources than large firms. Information that needs to be secure includes confidential project and client information as well as employees' personal information. There are costs associated with securing a firm's information, but the cost of not securing it could be higher.

If a data breach occurs, the firm will need to notify the entities whose information has been stolen. There could be credit and identity monitoring requirements as well as litigation. Federal and state requirements for notifying victims of a data breach are evolving and vary. The firm will also incur the cost of restoring its network after the data breach. Besides the direct monetary costs, the firm's reputation could take a hit from both its clients and employees.

Threats have both external and internal origins. External threats come from amateur hackers, often someone with a personal or political agenda, and cybercriminals who are looking to make money from selling the information. Internal threats can be either intentional or unintentional. According to the National Institute of Standards and Technology, internal threats account for 80 percent of security issues.

Most firms allow employees to access their firm's network from a remote location using a virtual private network (VPN) on a personal computer. An emerging source of threats comes from "bring your own device" (BYOD) policies that are increasingly common. These devices include both smartphones and tablets. When the employee's computer at work is included, a 30-person firm can have as many as 120 devices (four times the number of employees) that are connecting to the Internet and its computer system. Each of these devices is capable of downloading malicious code and viruses that can easily be transferred to the employer's computer system.

As the number of mobile devices has grown, so has the number of apps and fake apps. According to a recent research paper by IT security company Trend Micro, "It has actually become quite common to see fake apps, which appear as real apps, come out shortly after legitimate mobile or PC versions come out." The paper found almost 900,000 fake apps, and 44 percent of them were detected as malware. An estimated 84 percent of all cyberattacks are happening at the application level.

Firms are beginning to add cyber insurance to help share the risk of their increased exposure to hackers and cybercriminals. Coverage includes:

* Liability arising out of unauthorized access to confidential third-party data.
* Costs to restore the design firm's data and extra expenses while recovering from the breach.
* Web content that is alleged to include libel, slander and accidental public posting of private information as well as copyright or trademark infringement.
* Public relations assistance to protect the firm's reputation.

Some policies include risk management services, such as tools for breach prevention and recovery. They may also include forensics coverage and incident response services. The insurance carrier will contract with experts to assist the insured when a loss occurs. Cyber insurance can be purchased for as little as $1,000 for $1 million in coverage. An insurance broker can provide more specific information.

As the use of electronic devices and the reliance on electronic information are increasing, a firm's risk of being hacked or having its data breached is growing. Cybersecurity efforts need to be diligent to combat the efforts of hackers and cybercriminals.

Glen Mangold, CPCU, is the managing director of the architects/engineers program for Markel Corporation, a leading provider of professional liability insurance. He has more than 25 years of experience in the insurance industry. He can be reached at

Charles Kopplin, P.E., FACEC, has more than 40 years of experience as a consulting engineer, including 14 years as the risk manager for an ENR Top 500 Design Firm. He can be reached at cw.kopplin@
