By: Krista M. | Cyber Threat Intelligence Analyst, NJCCIC
Owning a business in this day and age can be a risky proposition. In addition to maintaining positive cash flow and keeping your customers and employees happy, you have to take steps to protect your company and assets from unexpected events that could drain your accounts and close your doors forever. Fortunately, there are many options when it comes to insurance coverage. General liability insurance covers the cost of accidents, injuries, and property damage that is inadvertently caused as a result of normal business operations. Product liability insurance protects you against financial loss in the event your products cause bodily harm to a third party. Worker’s compensation insurance provides wages and medical coverage to employees who are injured on the job. These are a few examples of important business-saving policies that can protect you and your company should the worst happen. However, you may have overlooked one crucial protection your business might be lacking. Did you remember to include cyber liability coverage in your arsenal of business-saving insurance policies? Did you even know that type of coverage was available?
Hacking has become mainstream and the scope of malicious threat actors is ever-growing. Individuals and companies alike are more reliant upon technology for communication, business transactions, and data storage, and this makes us all vulnerable to malicious cyber activity. It’s no longer a matter of “if” a breach will happen, but a matter of “when.” Cyber-attacks and data breaches can be extremely costly to remediate. Recently, the Ponemon Institute conducted a study and surveyed 350 companies across 11 countries to learn more about the current costs of data breach incidents. They determined the average organizational cost of a data breach incident for a company within the United States to be more than $6.53 million. Legal fees alone average nearly $700,000 and that doesn’t even take into consideration the costs associated with forensics teams, public relations, credit monitoring services, and subsequent lawsuits. Although larger corporations may be able to absorb these costs, small and mid-sized businesses typically don’t have the capital and the effects can be devastating. In the 2015 Small Business & Cyber Security Survey, Endurance International Group found that 81 percent of small business owners expressed concern over cyber security threats but only 5 percent reported having cyber liability insurance.
If your company chooses to store and maintain a database of any type of personal information, such as names, addresses, Social Security numbers, or payment card details, you’re responsible for protecting that data. Your customers rely on you to keep their information safe and your company’s reputation depends on your ability to do so. Maybe you’ve decided to keep that data within your control by storing it on your own servers or maybe you decided that outsourcing that responsibility to a reputable cloud storage provider was a better strategy. Either way, when your company’s data gets stolen, you’re going to be on the hook for damages incurred. Fortunately, over the past few years, cyber liability insurance policies have evolved to cover all kinds of scenarios. The following information will help you understand what types of coverage may be available to you and your business.
- First-Party Coverage: This protects the policyholder from potential costs associated with the loss or damage to his or her own company’s data and may even cover lost revenue due to a breach or a cyber-attack that impacts software or network availability.
- Third-Party Coverage: This protects the policyholder from lawsuits and claims made by a third party who incurred damage during or after a data breach or other cyber-attack.
- Media Liability Coverage: Although not always cyber-attack related, cyber insurance policies may offer coverage for intellectual property/copyright/trademark infringement as well as libel and slander protection because most companies require and maintain an Internet presence to assist with the marketing and promotion of their products and services.
Important Questions to Ask
Not all policies are the same, so it’s important to know exactly what each insurance provider is willing to cover. Be sure to ask the following questions before deciding on a particular policy:
- Does this policy cover data stored or managed by a third party? If not, make sure to ask your third party service provider if they carry insurance that will cover you and your business in the event of a breach.
- Will this policy cover theft and breaches that result from using unencrypted devices and network connections? This is especially important to know if your company has adopted a Bring Your Own Device (BYOD) policy allowing employees to manage company data on their personal laptops, tablets, and smartphones.
- Are data restoration costs covered? Some cyber-attacks can permanently destroy data and the cost to restore damaged or deleted data can skyrocket very quickly.
- What about cyber extortion? Cyber extortion is a growing trend where hackers steal your sensitive or potentially embarrassing data and threaten to publicly release it if you don’t comply with their demands. The effects can be costly and devastating.
- Will this policy protect my company from regulatory actions? The liability surrounding data breaches has begun to shift and companies that don’t take proper and reasonable precautions to protect their customers’ personal information may end up facing large fines that could ultimately put them out of business.
- Does this policy cover identity theft and credit monitoring services? If your customers’ or employees’ personal information is stolen due to a breach of your network, you certainly wouldn’t want to pass the costs of credit restoration and identity theft resolution onto them. Plus, in some areas, you may be required by law to provide such services. If you’re not covered, this could cost your business millions of dollars.
Cyber liability insurance policies are constantly changing to adapt to modern needs, so be sure to do as much research as you can and know your cyber risk. Sit down and talk to a trusted insurance agent to discuss options to protect your business and assets from future cyber attacks.