“Cyber Risk” consists of the exposures arising out of the internet and computer network technology. This includes such events as hacking, virus transmission, privacy breach, and intellectual property breaches.
The problem for all of us is there is no fail safe technology that is immune to hacking. And even if there were, internet security is constantly and quickly evolving as hackers and security experts continuously m to outwit each other.
The harsh reality of data breaches are found in frequent headlines. Almost half of breach incidents have been attributed to lost or stolen equipment. The second largest threat comes from employees, temporary employees, and/or contractors (remember Target?). When a breach does occur, 74% lose customers. 59% face litigation. 33% incur fines. The average cost per lost record is just under $200.
This is not just a problem for large corporations. Over 72% of all data breaches occurred in small to medium size businesses. A recent Symantec survey indicates that 40% of all targeted cyber-attacks are aimed at companies under 500 employees.
While business owners may be aware of the potential for a data breach, many believe they are adequately protected and that it won’t happen to them. And, even if they were compromised, privacy breach is covered under normal business insurance. Right?
Doesn’t my general liability policy cover me?
In a word, no. The property insurance form protects IT equipment, but not the stored data or the privacy requirements associated with those records. Some insurance carriers may provide some “token” cyber liability coverage, but relying on this for a serious data breach is not enough.
Business Interruption coverage will typically not respond to outages caused by computer viruses or hackers. In addition, Florida requires notification in the event of a potential loss of personally identifiable information, as well as fines and penalties for not reporting the breach. One thing is for sure: no general liability policy will provide proper reimbursement for the substantial cost to comply with regulatory requirements and subsequent out-of-pocket legal expenses.
Cyber Risk Management
Many data breaches occur because of an employee error or an “inside job” from rogue employees. From passwords tacked on computer screens in plain sight and employees opening suspicious email and downloading malware to lost laptops and smart phones, a large portion of security breaches occur because of employee actions. Also, keep in mind that a data breach can occur from paper records as well. Outdated customer information, old credit card receipts and employee files that have been thrown into the dumpster are just as vulnerable as if a hacker logged into your network.
Best practices to mitigate your exposure include:
- Strong Passwords
- Control Access to Data
- Monitor Activity
- Employee Training
- Cyber Protocol (Written Policies and Procedures)
- Risk Transfer – (buy Insurance)
Risk Transfer - What is Cyber Liability Insurance?
The biggest challenge in finding the right cyber liability coverage is that every form is different, making comparison difficult and confusing. Policy premiums also vary dramatically. The most important way to reduce premium is to reinforce your security practices before seeking coverage.
Typical coverage parts found in a cyber liability policy include:
Third Party Coverages
- Privacy Liability (third party lawsuits for breaches of private information)
- Network Security Liability (third party lawsuits for non-privacy breaches such as viruses, worms, etc.)
- Media Liability (intellectual property claims such as copyright, trademark, etc.)
- Virus / Hacking Liability
- IP Infringement
First Party Coverages
- Information Asset Loss (costs to restore any corrupted or lost data caused by a security breach)
- System Damage
- Business Interruption
- Cyber Extortion
- Notification Costs (costs to notify an individual that their private info has been breached)
- Merchant Services (PCI Fines & Penalties)
- Regulatory Fines & Penalties (costs to defend a regulatory action and/or pay any fines and penalties levied by the government - may be just defense, may be just penalties, may be both)
- Cyber crime/fraud, Ransomware
- Reputational Damage Coverage (cost to replace income through loss of reputation / customer base)
Cyber liability can have devastating effects on a business. Don’t assume cyber liability won’t happen to you. Raise your awareness. Take action. What you don’t know can hurt you.