If you're a business owner or are in charge of an organization, you are probably well aware of how crucial it is to have adequate insurance coverage. But when it comes to cybersecurity issues, general liability insurance typically doesn't offer the detailed levels of protection you need. Today, we'll highlight the importance of a cyber insurance program that fits your situation. We'll also take a closer look at common types of cybercrime that can threaten you and your customers.
Why Is Cyber Insurance So Important?
It's the massive corporations that get the headlines whenever there is a major cyber-attack, but the reality is that practically any size business is vulnerable to this risk. According to Small Business Trends, phishing scams target small businesses 43% of the time. The Denver Post reported in 2016 that 60% of small businesses close their doors within six months following a cyber attack.
To put it simply, if your business handles customer data or processes payment transactions, you’re at risk of a cyber-attack. Expenses associated with these kinds of attacks can quickly add up for a small business. Whether you have 300 customer records or 3,000, your bottom line could be impacted by legal defense costs, settlements, lost business, notification costs, and more.
Cyber insurance is a way to help businesses that store personally identifiable data, or PII, recover from cyber-attacks. Organizations in many industries, such as retail, healthcare, law firms, financial service providers, and more, are all susceptible. If your business stores any kind of information about your customers, you will want to have coverage for both first-party and third-party incidents.
The Different Types of Cyber Coverages
Hackers and cybercriminals can target businesses in many ways. And the average cost of an attack can range from the hundreds of thousands of dollars to the millions. To provide adequate protection from such costs, an insurance company may write a cyber insurance program that includes coverages such as:
- System business interruption
- Phishing scams
- Damage to the business' reputation
- Intellectual property right infringement
- Third-party privacy management costs
These are just a few examples. As cybersecurity issues become more prevalent, lawmakers are striving to create new cyber-related legislation to address vulnerabilities. More laws mean changes in business insurance policies and procedures. Even if you choose the right coverage, your needs can change, which means it is important to review your policy and the needs of your company to ensure you have the right coverage for your current situation.
First-Party vs. Third-Party Coverages
Having the right coverage can help protect you from a variety of issues that can arise from a cyber breach. In addition to third-party liability coverage, most data breach insurance policies provide coverage for first-party expenses such as:
- Lost business income and extra expenses from a partial or full shutdown of your computer system due to a virus, hacker, or other insured peril.
- Restoration of loss of sensitive data that was damaged or lost due to a hacker, malware, virus, or other covered cause.
- Costs incurred to notify your customers if your data breach impacted them. Some policies may also cover the cost of credit monitoring services for your customers that were affected.
- Costs associated with an extortion threat such as ransomware. This is when an extortionist hacks your computer system and then refuses to release data unless you pay them a sum of money.
- Costs for crisis management including hiring public relations, legal help, or computer consultants to help mitigate losses and restore the reputation of your company.
Small business owners don’t always store data on their own networks but can still be held liable for the work they do. Professionals like tech consultants, web developers, and even independent contractors could be blamed for oversight, mistakes, or negligence in the work they perform and could be held responsible for things like data breach issues. That's where third-party coverage comes into play. It is meant to cover expenses for businesses responsible for their clients' online security and data.
Common third-party coverages are:
- Legal and regulatory costs
- IT security and forensics costs
- Crisis communications costs
- Third-party privacy management costs
Ransomware on the Rise
Again, the common perception is that most cyber-attacks happen to major corporations. However, according to Coveware's latest set of statistics from Q3 of 2020, "more than 70% of ransomware incidents were companies with fewer than 1,000 employees, and 60% had revenues of less than $50 million." So, why are smaller organizations targeted so often? The answer is that these businesses usually do not have a dedicated IT security team to help their staff stay vigilant.
Unfortunately, ransomware attacks are becoming more and more common every day. These incidents are incredibly disruptive, and the costs of paying the attackers to recover the data, combined with all the legal costs can cripple a business.
It is crucial that your organization not turn a blind eye to this rising threat or assume it will never happen to you. Consult with your insurance agent about proactive risk management strategies that can help you avoid attacks. You should also make sure you have the backing of a capable claims team to help get your business back on track in the event of a ransomware incident.
A Closer Look at Data Breach Coverage
As we've mentioned, there are many kinds of cybercrimes your business should be prepared for, ranging from ransomware to extortion. But we also want to focus on data breaches and the specific insurance solution for these security risks. A data security breach is an incident in which secure employee or customer information is accessed without permission and often used for criminal purposes. These security breaches can harm your business and customers in many ways; they are a costly expense that can damage reputations, lives, and take months or years to repair.
Data breaches occur for various reasons, including poor cybersecurity procedures and hacking, just to name a few. While it might seem like some businesses don't store highly sensitive information, practically all data is private. So, with this in mind, do you need this type of insurance?
Your business likely needs a data breach insurance policy if you do any of the following:
- Communicate with customers via text message, social media, or email.
- Receive or send private documents electronically.
- Advertise on websites, social media, or other electronic media.
- Store private data such as accounting records, trade secrets, or tax documents on a computer network.
- Store personal information about employees, customers, or vendors, such as addresses, birth dates, social security numbers, or credit card information.
Of course, these activities help your company operate efficiently, but they come with risks. Data can be retrieved and stolen or could be damaged by a hacker or virus. This could be costly to repair and could even result in a lawsuit against your company. The cost of data breaches varies depending on the size of your company, but it's important to note that larger corporations usually rely on a breach response team to reduce their financial losses.
Make Sure Your Cyber Insurance Covers Data Breaches
Nearly every business is vulnerable to some type of data or cybersecurity breach. Cybercrime has become one of the fastest-growing concerns around the world. You should be conscious of this ever-present threat and take action to protect your business.
Adequate coverage begins by assessing your risk and reaching out to an insurance agent to explore your cyber insurance options. Insurers can make many bold claims about insurance quotes in commercials, but knowing everything you are truly covered for if something were to happen requires more thorough attention and care. At Conover, we are here to not only help with costs; our goal is to give you clear guidance and proactive support. Contact our team to receive a complimentary assessment of the coverage you currently have to see if there might be insurance programs that are better suited to your needs.