Cyber-Security and Cyber-Insurance Basics

30 Jul 2015

By now you have probably read about the high-profile data breaches at Home Depot and Target. But are you aware that many small businesses are also being targeted by cyber criminals? What if a data breach occurred at your business? Are you prepared for such an event? How would you respond? Would you be covered by your current insurance policies? What exactly is cyber liability insurance? Why do you need it? What types of scenarios should you be concerned with?

Cyber liability insurance is intended to pay for certain expenses incurred as a result of a data breach caused by a malicious cyber security attack. Cyber-crime is on the rise and some costs associated with a cyber liability loss may include:

  • Costs to notify affected customers who may have had their personally identifiable information (PII) exposed (PII may include social security numbers, birth dates, names and addresses, personal health information, etc.). Although costs continue to rise, it is presently estimated that the average cost of a breach is around $200 per compromised record. This includes costs associated with ongoing credit monitoring for those affected. Multiply this by the number of possible affected parties and you could be facing a staggering unexpected bill!
  • Costs associated with a forensic investigation to determine where the breach occurred
  • Regulatory costs such as those imposed by HIPAA and other privacy laws for failing to safeguard the privacy of patient health information (policies can be written to provide coverage for these penalties). If your business is subject to HIPAA or other regulatory laws you could be at risk and you should consult an insurance broker familiar with this type of coverage to ensure you have proper protection.
  • Reputational damage may be sustained when a data breach occurs. There may be a sharp decline in business due to a lack of customer confidence. Public relations costs may also be incurred.
  • Costs to defend claims by state regulators
  • Funds transfer loss and cyber extortion

Many additional potential costs exist and these listed are only a few of the most common. So what can businesses do to reduce the risk of being the victims of cyber-crimes and to prevent data breaches? While no plan provides complete peace of mind, certain steps are essential for even small businesses. The steps include creating a cyber risk team which will develop a strategy to reduce the risk of data losses. This team is also responsible for ensuring that all computers and electronic data processing equipment including iPads, smart phones, laptops, etc. are encrypted. This is invaluable in the event that a handheld device or laptop is lost or stolen. It also provides additional protection from unauthorized parties seeking to access sensitive information.

The number of cyber-security consultants is growing as most business owners are waking up to the reality of this new type of threat. These consultants offer a wide variety of services which typically include an initial risk assessment of your company’s IT security that aims to identify vulnerabilities. In addition, they can help you with preventative measures and help you create a cyber-security breach response plan. It is recommended that companies create a formal written response plan to be followed in the event of an attack. These consultants also periodically test your system to see if it is easily penetrated. One of the most commonly overlooked aspects of cyber-security is employee training. Even if your company implements all of the safety protocols available, you are still as vulnerable as your weakest employee. Employees often forget to log off their computers properly, they may open personal, potentially malicious emails on company computers, and they may even leave sensitive documents in the copy machine! Each of these could constitute the negligent sharing of sensitive personal information and may result in a data breach.

Although some companies may prefer to handle their cyber-security in-house with a team of IT professionals, it is highly recommended to consult an expert in this area. Upon implementing adequate protocols to prevent a data breach and formulating a response plan in the event that one occurs, you will be able to purchase a proper cyber liability insurance policy to cover your specific areas of concern. Talk to your insurance broker today before you suffer a loss. An ounce of prevention may be worth millions of dollars in preventable, insurable losses.

By Brendan Leavy

Licensed Insurance Broker

Integrated Coverage Group

This article was also featured in our newsletter Bottom Line Vol. 12