Why Cyber Liability and Data Breach Coverage Could Save Your Business
Here’s a worrying statistic: More than half of small companies go out of business with six months of having their computer systems hacked.
One of the key reasons: They don’t have cyber liability and data breach insurance. They simply cannot meet the costs of putting things right after a data breach.
And, as we all know, hack attacks are among the fastest growing global crimes. No one, but no one-even governments and security agencies-is safe.
But small organizations are actually among the most vulnerable, often with dire consequences. According to the Ponemon Institute, more than half of small or medium sized businesses said their organizations had experienced a cyber-attack in 2015-16.
Yet there’s a lot you can do to keep your business or non-profit safe from these criminals.
Let’s take a closer look.
7 Things About Cyber Liability Everyone Should Know
There’s a great deal of ignorance about the risks and effects of a data breach. Here are seven key things you should know:
- Small firms are big targets for hackers. The big data breaches are the ones that grab the headlines but any organization that uses networked technology is at risk. According to the online publication Small Business Trends, 43 percent of all cyber-attacks target small firms.
- It’s not all about hackers. Most people assume that data breaches are purely the result of outside cyber-attacks. Not so. Disgruntled employees, untrustworthy IT contractors and even careless employees can be to blame for data losses. And almost half of breaches happen because of human error.
- The biggest cost could be restoring your reputation. After a data breach, a firm’s reputation slumps. Customers become more wary. On average, firms that have been hacked lose up to one third of their customers. It can take years and a lot of money to rebuild your credibility.
- You can’t keep it quiet — it’s the law. Under the Georgia Personal Identity Protection Act, any organization that suffers loss of data as a result of being hacked must tell affected citizens as soon as possible. Failure to do so puts the organization at risk of significant penalties. Breaches involving more than 10,000 victims also must be notified to the credit reporting agencies.
- It’s not just about the risk of being hacked. You could be liable for costs arising from almost any loss of data that finds its way into the public realm — data on a lost or stolen smartphone or laptop for example.
- The risks of being compromised by a data breach are bigger than you might think. Insurance experts say businesses are more likely to be hit by a cyber loss than by fraud or even theft.
- You can’t totally prevent a breach. There are many actions you can take to minimize the risk of a breach (see below) but there is no way you can 100% prevent an incident. That’s why cyber liability insurance is so important.
What Does Cyber Liability Insurance Cover?
Different insurance carriers can offer slightly different policy coverages. But in the main, most cyber liability insurance policies cover costs relating to:
- Notifying victims, authorities and others who may be affected by a data breach
- Providing no-cost credit monitoring services to affected customers
- The cost of rectifying your reputation, for example through a PR campaign
- Managing and investing an incident, including employment of forensic investigators
- Repairing affected computer systems
- Defense against claims from state regulatory fines and penalties
- Victims’ losses arising from subsequent identity theft
- Liability for hacked website content — for example, malicious falsehoods inserted by the hackers, defacement or copyright infringement
- Lawsuits and class actions claiming damages directly resulting from the breach.
Many policies also provide protection from business losses arising from disruption of your activities, loss of data, computer fraud and extortion.
More Cyber Liability Questions and Answers
How does cyber liability and privacy insurance differ from technology errors and omissions insurance?
Answer: Tech E&O insurance is specifically tailored to technology service and product providers.
What’s the difference between first party and third party cyber liability insurance.
Answer: Following on from the above question, first party cyber liability coverage refers to the insurance generally required by non-tech companies, whereas third party cyber liability coverage is tailored to the needs of IT firms who are held responsible for a data breach on systems or software they have supplied to a client or third party.
What can I do the reduce the risk of a cyber-attack?
Answer: It’s all about taking every possible security measure including: vetting everyone in your organization who has systems access; frequently changing passwords and limiting who has access to them; backing up data regularly and storing it offsite; using the most sophisticated possible security software; encrypting records; and regularly monitoring your systems so that if there’s been a breach, you can block it as quickly as possible.
Also, prepare a written systems security policy and make sure every employee has it and has read it! Among other things it should include rules on systems access and the use of mobile technology (including external drives). Make sure too that the policy is regularly reviewed to keep pace with changes in your business, new cyber risks, and the regulatory environment.
How much does it cost to put things right after a cyber-attack?
Answer: According to Ponemon, companies spent an average $880,000 because of data theft and technology damage. Add another $955,000 for the disruptive impact of the incident on business operations.
The potential consequences of a data breach can be terrifying – and this isn’t a risk that’s likely to diminish any time soon.
If you rely on networked technology in your organization, you need cyber liability insurance and data breach insurance. Period.
But you also need to work with experienced cyber insurance professionals so that you are properly protected for the risks you face. This is a relatively new field of insurance and some agents may not yet be fully up to speed with the fast-changing cyber-crime environment and Georgia’s regulatory framework.
Fortunately, Grimes Insurance does have that expertise and experience. If you’d like to know more, please contact us for a free and confidential discussion.