60% of companies go out of business six months after a cyber security breach.
Do you have the right coverage?
60% of companies go out of business six months after a cyber security breach.
Do you have the right coverage?
What is Cyber Liability Insurance?
It often also includes coverage for the costs related to state laws for businesses if they suffer a data breach. Each state has its own requirements for businesses that suffer an attack or data breach, but most require that your business notifies every customer of the breach, as well as pay for credit monitoring for every customer; this cost can add up VERY quickly, but Cyber Liability can help cover that cost.
Cyber Liability Insurance comes in many varying shapes and sizes, as a newer coverage on the market the policies run from very comprehensive to extremely limited in what coverage they provide. Some policies or endorsements to a Business Owners policy only provide coverage for the cost of notification in the event of a data breach, where some policies provide coverages for ransom attacks, the cost to recover data, coverage if you or your employees fall victim to a phishing scam or social engineering ploy, etc…there are a lot of options to choose from! It’s not often that two Cyber Liability policies or coverage options are identical, so it’s important to review your needs and risks with a InsureGood Advisor who can guide you through the right coverage.
Is Cyber Insurance, Liability Insurance?
Why Cyber Liability Insurance is Important
Cyber Liability Insurance is quickly becoming an essential coverage in every business’s insurance portfolio, mostly because almost every business is susceptible to a large risk of financial loss because of the following common business operations (just to name a few):
If your business keeps record of customer, employee, or vendor information in a digital format that could be considered “Personally Identifiable Information” or PII, and you suffer a cyber attack, you are susceptible to, at minimum, State Regulations often requiring you to notify all customers (not just the ones potentially compromised) of the attach and the cost of credit monitoring for all those customers. The costs of navigating the regulations, notifying all your customers, and paying for any monitoring or more can be devastating to a company.
The most impactful threat is if a class action suit is filed against your business. Defense costs and potential awards could also be devastating to a business. A Cyber Liability policy can cover you in the following ways:
- Provide expert counsel as to how to navigate each state’s notification and monitoring requirements when there is a breach
- Cover the cost of notification and monitoring
- Provide defense and the cost of defense against lawsuits
- Provide coverage for the cost of awards or settlements because of those suits
If you take payments via Debit or Credit Card the risks outlined above increase significantly, as debit/credit card information is highly valued by cyber criminals and can cause significant damage to your customers if it gets in the wrong hands. Many Business Owners mistakenly believe that their Point-of-Sale provider is the entity that runs all the risk to keep this data safe, but more times than not, the company taking the payments contractually transfers that risk back to the user (you) in the event of a data breach.
Most Businesses use one of the above (if not all) during their operations and have multiple employees with these devices. If you are like many businesses, there is most likely the PII of your employees, vendors, and/or customers on those devices as well as access to your systems which could open you up to a ransom attack. A cyber policy would respond as above in this case of a data breach via theft of devices, but also consider this.
Many cyber crimes occur when employees lose or misplace their devices – this happens twice as often as active theft of devices – and a criminal gets a hold or a person sells it on the black market. Not only could a criminal breach your data via a lost device, but they could easily have access to your systems and hold your systems for ransom. In a ransomware attack, a cyber criminal can effectively hold a business hostage until a payment is made to release their systems. Most businesses rely on management software to schedule, invoice, track, communicate, organize, and effectively run their business, and holding these systems hostage can be financially devastating.
According to Cyber Security Magazine 85% of NSP’s (network security providers) consider Ransom Attacks as one of the largest threats to small and mid-size businesses. Cyber Liability can help cover or negotiate ransom and/or recover access to your systems as well as pay for loss of income during the time you did not have access.
E-mail is now the preferred method of communication for individuals with businesses and vice versa, however, email communication can open a host of opportunities for cyber criminals to attack your systems or coerce you into handing over money against your intention or will. Cyber criminals preferred method to attack your systems is via email.
Consider the following (3) approaches of cyber criminals through email and know that Cyber Liability policies can cover you in each instance:
- A cyber criminal sends and email appearing to come from a trusted source with a link to open an article related to your business. The link provides an open door into your systems in which the criminal can access all your data resulting in a cyber breach.
- A cyber criminal sends an email appearing to come from your CEO or CFO asking for payment to be made to a vendor while they are on vacation. The employee, knowing the CEO or CFO is on vacation goes ahead and makes the payment as everything appears legit in reality, the money is going directly into a cyber criminal’s pocket.
- An employee opens a malicious email that ends up providing the window for a cyber criminal to hold your data and management systems hostage – resulting in a ransomware attack in which you are required to often pay thousands of dollars to get your access back.
Let’s free you up to focus on what’s most important in your business.
No matter what your goals are or the challenges and frustrations that you have – there’s someone out there who “been there” and “done that”.
What is not covered by Cyber Liability Insurance?
Most Cyber policies would not cover a business for any bodily injury, property damage, medical costs, Professional Error or Omission in your normal business operations, or Business activities involving Automobiles. In general, Cyber Liability Insurance is only meant to cover financial loss because of cyber crime against your Business. Since Cyber crime is a very broad ranging risk, Cyber policies are very specific and the options for coverage can be broad as to what it will/won’t cover. The most basic Cyber Liability Insurance usually covers for Liability claims – person(s), entity(ies), or states that hold you legally liable for a breach and the costs associated with fines, defense, mandatory actions required by law, and awards or settlements in or out of court. Cost to cover things like forensic research to find the cause of the breach, business income loss as the result of a shut down in business operations due to a breach, loss of funds falling prey to a social engineering scam, ransom, data recovery costs, funds transfer fraud, etc. are all coverages that may or may not be included in a Cyber policy. Make sure to work with your InsureGood Advisor to determine what coverage is necessary for your business and what policy will provide that coverage as part of a comprehensive Insurance portfolio.
What is Personally Identifiable Information?
Personally Identifiable Information, or PII is defined by the Department of Homeland Security as “Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.” So in basic terms, PII is a combination of an individuals information which is personal only to them. That information when shared with a business or entity is expected to be kept confidential and protected from any non-authorized entities or individuals at all times. This responsibility lies with the Business with whom the person has directly authorized the sharing of this information (whether it be via a formal agreement or implied).
What is the difference between Cyber Liability Coverage included in a Business Owners Policy, and a Separate or “Standalone” Cyber Liability Policy?
What are the main Coverages under Cyber Liability?
First Party coverages can include things like coverage for Notification Costs, Business Interruption income loss, the cost of Data Recovery, and coverage for Ransomware attacks
Third Party coverages can include things like coverage for Network Security and Privacy Liability suits against you, fines or penalties from banks or credit card companies after a breach, regulatory fines, or Media Liability suits.
Crime coverages can include coverage for Computer Fraud- funds or property stolen as a result of a hack, Funds transfer fraud when a criminal tricks a bank or institution in transferring money away from you, or Social Engineering attacks- when a criminal tricks you into transferring or giving funds under false pretense.
Cyber Insurance Policies come in many varying forms and should be reviewed with your InsureGood Advisor in detail prior to purchasing to ensure that the coverage is appropriate for each Businesses’ unique needs.
Is Cyber Liability Insurance worth the cost?
Considering that 83% of small to midsize businesses are not prepared to handle the cost of a cyber breach, ransom attack, phishing, or social engineering scam, yes, Cyber Liability Insurance is worth the cost. If a potential threat can easily devastate your business financially, but you can manage to set aside an annual or monthly cost to prevent that devastation, it’s worth considering. Most Cyber Liability Insurance policies are priced according to the type of Business you operate (which often defines the type of PII your business will handle), the number of customers you have, and the number of employees you have. Therefore, the cost of these policies is usually directly proportional to your size and relatively affordable for most businesses. In addition, the more preventive methods you deploy in your business to stem a crime from happening, the more attractive you are to more competitive insurance companies offering lower premiums and discounts. So, tactics such as employee training on recognizing phishing emails, malicious links etc., and appropriate password handling along with firewall and backup planning can go far to getting you more competitive insurance as well as protect your business. For more information on tools to help prevent a Cyber Loss, reach out to your Advisor at InsureGood.