It is not a question whether or not your company will be attacked, but rather how often. If your protection plan is built solely around information systems and networks, your business processes and people may be more vulnerable than you think. Insurance covers the direct cost of fixing the damage, but not the loss of credibility. If you only deal with the consequences you may leave yourself vulnerable for further attacks. If you don’t know what has been stolen and how, it will be hard to fix things.
On Tuesday November 21, 2017 Uber revealed that they have faced a data breach during 2016 but failed to disclose the event initially. Data of 57 million users and over 600,000 drivers was affected in the breach as reported by Uber themselves. The company admits that instead of disclosing the event publicly at the time, it agreed to pay the hackers $100,000 in exchange for deleting the data and not disclosing the event.