With high-profile data breaches continuing to make front page news, employers say they fear cyber security poses the greatest risk to their company. Trusted advisers should be prepared to help quell those fears.

When asked to consider the single biggest risk facing organizations, the majority of business leaders agreed the No. 1 risk they were concerned about is cyber security/network security, according to a survey by The Graham Company.

Between 40% and 45% felt that there was a significant level of risk (i.e., giving the highest or second highest rating on a five-point scale) for a hacking incident/network intrusion/denial of service attack leading to theft of customer information (45%), inability to use the organization’s network (44%), theft of employees’ private information (43%), theft of intellectual property (41%), and/or inability to access the organization’s website (40%).

At a slightly lower level, 31% felt that there was a significant level of risk that their organization may face cyber extortion in the next few years.

Also see: “Anthem breach: Warnings, lessons for the industry.”

“It seems like every other day we are seeing headlines in the news about another data breach, so it’s no surprise companies are concerned. Beyond consulting with security experts to safeguard their systems, business owners should consider what they’ll do in the event that they do become victims of a cyber attack or lose sensitive client data,” says Nick Rockwell, director of benefit solutions at LifeLock.

Benefit advisers, he says, should be educating their clients about exactly what data they are responsible for.

“Many employers think still that data loss is someone else's responsibility,” he says. “Where does employee data get exchanged and why is this information being shared are questions that should be asked and understood by HR.” 

In a recent survey by Eastbridge Consulting Group, one in five employees were found to have been a victim of identity theft, Rockwell says, adding that, “There’s a big opportunity for employers to address this problem by investing in identity theft protection for their employees, especially since 12% of employees pay for identity theft protection outside of their employers.”

Advisers, he says, “should be helping their clients understand the value of offering not only employees identity theft protection as a benefit, but also showing them the value to the organization.”

Rockwell sees employers increasingly opting to make identity theft products employer paid, rather than voluntary.

“Their main motivation there is to try and ensure participation,” he says. “The more employees are protected, the more protected the organization is.”

Advisers should also be helping their clients find providers who can help address not only identity theft protection benefit programs, but also breach preparedness and response planning in combination so that there is a holistic approach, he says.

“Embracing other parts of a client’s organization, such as security or privacy with this kind of education could also further entrench an adviser with their client,” Rockwell adds.

Client data

Advisers themselves should also be looking to protect client data from cyber breaches. Hackers and data thieves will likely begin targeting companies down market from the big corporations, meaning brokers and advisers should be prepared, Tinker Kelly, president and CEO of VEBA told advisers at Employee Benefit Adviser’s Workplace Benefits Mania in July.

Also see: “How to protect client data from a cyber-breach.”

“Agents have an ever-increasing responsibility to protect client data,” he said. “Being cautious with sensitive data is important. Agents have a responsibility to keep client data tight. Also, if a breach occurs it can be detrimental to your reputation.”

Benefit advisers should have a plan for what to do in case of a cyber-breach well before one happens, Kelly says. That plan should include an already assembled breach response team to include representatives from legal, marketing, customer service, IT, HR and corporate communications.

Following a breach, the firm should identify its legal and regulatory obligations and create a breach playbook, including planning the legal process that will ensue, how to handle communications with clients, etc.

Health care cost risk

The Graham Company survey found employers also continue to cite health care costs as a top concern, but also found many are still struggling to take the appropriate measures to curb those costs or even reach out to advisers or other professionals who could help them do so.

Only a little more than half (64%) of respondents to the Graham Company survey felt that their organization was either very well prepared or fairly well prepared to address the risks associated with health care costs. However, only slightly more than half of respondents regularly consulted with an insurance or risk management expert to review plans for mitigating risk.

That’s especially alarming since outside assistance from an adviser or benefit professional can be useful for employers who may feel inundated by risk.

“This complexity of risks has caused many business leaders to become overwhelmed and unknowingly expose their businesses to risks that threaten their bottom line,” says Ken Ewell, president and COO of The Graham Company.

“A one-size-fits-all approach to insurance and risk management isn’t adequate in today’s constantly evolving business environment,” he says. “Business leaders need to shift their risk management approach from passive and general, to proactive and specialized in order to protect their companies.”

Register or login for access to this item and much more

All Employee Benefit Adviser content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access