Big Data: cyber risk apocalypse or big opportunity?
September 2015 | PROFESSIONAL INSIGHT | RISK MANAGEMENT
Financier Worldwide Magazine
How effectively companies predict exactly what customers want before they ask for it, or how digital marketers follow a consumer’s every move online with advertisements for that dress or jacket they’ve resisted buying for weeks – all using Big Data – is quickly becoming a critical competitive edge in customer relationship management. The term ‘Big Data’ is often used to describe myriad uses of information sets and is applied in various different contexts, but it essentially can be defined as the extraction of actionable intelligence and insights from disparate, non-traditional, unstructured as well as structured data sources.
In practice, this means the harnessing of information gained from Big Data analytics to help companies focus their resources, increase their efficiency and ultimately become more profitable. Amazon’s recommendations on books, kitchen appliances and toys that their customers might want to buy was mastered long ago, with Big Data used to generate relevant products based on the consumer’s previous buying habits.
Another well-known example of a company using Big Data to increase their profit margin is the travel website Orbitz.com. In 2012 the company revealed that it showed Mac visitors more expensive hotel offers than those accessing the website from a Windows PC. This practice was based on data they were able to gather that showed Mac users on average spent $20 to $30 more a night on hotels than their PC counterparts.
This sort of targeting has become commonplace, as companies of all sizes, and across a wide range of sectors, boost online sales through identifying new ways in which people’s browsing data can be used. Putting a price on information, the study of which is termed ‘infonomics’, provides the framework for businesses to manage and wield information as a real asset.
Whole new industries have emerged as a result of the advent of Big Data, with analytics companies offering their expert services to provide ‘actionable intelligence’ and information brokers selling personal data to companies that want access to the preferences and buying habits of their target consumers. Cloud based data storage and computing models continue to bring down the costs of processing massive data sets, which will continue to encourage companies of all sizes to get into the Big Data game. This increasing accessibility, coupled with a need to maintain consumer trust in the way sensitive data is handled, and the constant assault of cyber attacks, all mean that risk for companies using Big Data for commercial purposes has never been greater.
One of the most critical risk areas that companies should be aware of in this ‘Big Brother’ era is the privacy and ethical risks of Big Data. Increased scrutiny in the media, compounded by a growing awareness in the general public relating to how their personal details are being used commercially, has led to a growing number of companies facing reputational damage due to a lack of understanding on information trust issues. The most infamous example of this was when Target’s statistical model deployed by the marketing analysis team correctly inferred – based on purchasing data – that a teenage girl was pregnant, and indirectly informed her family via coupons for baby-related items before her family knew.
While this incident feels a bit ‘creepy’ in its accuracy and snooping-based awareness, from a commercial perspective the outcome could have been worse, as at least they were proved correct rather than, say, sending coupons for nappies and baby clothes to someone who was not, in fact, pregnant, like a photo sharing website unfortunately did in 2014. In other business sectors the costs of coming to the wrong conclusion can have real consequences and there are frequent dangers around overstepping legal or social boundaries. While there is little harm if an online video provider suggests the wrong movie to you, if you are identified incorrectly by a credit rating agency as being a poor debtor, for example, then this may affect your ability to get a mortgage or obtain a credit card.
Another risk encountered in Big Data is the fact that fully anonymising large data sets can be impossible, as Netflix once discovered. In 2006, the company launched a $1m competition to see if anyone could write an algorithm that outperformed Netflix’s own when recommending films to its customers. Contestants were given a huge document of anonymised ratings and Netflix users. Privacy researchers quickly showed that by layering another publicly available data set over the Netflix data, one could re-identify individuals from this supposedly anonymised data set. The next competition proposed was subsequently shelved due to a lawsuit and multiple privacy concerns.
In a world where information is not only power, but also potentially hugely lucrative, companies have increased their storage of massive amounts of data, which in some cases they do not need or use. In an age of IT outsourcing, where information is stored on a server or on the cloud through a third party vendor, companies are at greater risk of experiencing a data loss or cyber incident on a large scale. In addition to the immediate commercial and reputational damage, this potentially exposes companies to costly privacy or data breach lawsuits. One of the critical elements of coverage in cyber insurance policies is that a policy responds in this situation, protecting the insured company even if their IT vendor is the weak link.
From legal costs to crisis expenses, cyber insurance not only provides a financial backstop, it also plays an important role in driving cyber risk management through the digital supply chain. Companies using vendors for Big Data activities should strongly consider requiring the vendor to provide evidence of cyber insurance. Companies that have been through the cyber insurance underwriting process will have demonstrated a level of diligent data risk management in order to obtain coverage.
It is clear through the increasing commercial use of Big Data that the collective reliance on technology is not showing any signs of slowing or reducing our exposure to risk. Companies have to deploy a thoughtful data use, retention and protection strategy that combines people, process and technology to reduce risk to an acceptable level. In today’s threat environment there is always a residual element of this risk, however, and after careful risk reduction, cyber insurance exists primarily to transfer that residual risk. Prudent companies that are using Big Data in any form would be wise to consider cyber insurance an important element of a holistic data risk management strategy.
Sarah Stephens is the Head of Cyber, Technology and Media E&O at JLT Specialty. She can be contacted on +44 (0)207 558 3548 or by email: firstname.lastname@example.org.
© Financier Worldwide