Cyber criminals are continually uncovering and targeting hundreds of new vulnerabilities. Are you prepared?
A cyber incident can be devastating to any business. It is critical for every business owner to implement a security program, including having the right cyber insurance, to protect against the evolving risks from cyber crime. Here’s what you need to know to help protect your business.
What Type of Business Sectors Have a Cyber Liability Exposure?
While no business is exempt from the threat of a cyber attack, industries with higher levels of risk include the following:
- Financial institutions: banks, credit unions, brokerage firms, mortgage companies
- Health care institutions: hospitals, clinics, nursing homes, rehab facilities
- Education institutions: schools, colleges, training institutes
- Critical infrastructure: communications, information technology, commercial facilities, transportation, emergency services, energy, water
What Type of Personal Information is at Risk in a Cyber Attack?
Most businesses keep sensitive personal information in their files that identifies their customers and/or employees. This information can range from sensitive and confidential information to information that is publicly available, such as:
- Bank account and routing numbers
- Credit card numbers
- Identification and driver’s license numbers
- Date of birth
- Phone numbers
- Health information
- Criminal records
Personally identifiable information is any information about an individual that is required by any local, state, federal, or foreign law or regulation to be protected from unauthorized access, acquisition, or public disclosure. This information varies by state.
Regardless of the size—or nature—of the business, it is essential for business owners to make data security a priority.
How Can a Successful Cyber Attack Harm Your Operations?
Businesses become increasingly vulnerable to cyber thieves as they store more and more of their customers’ data online. Some of the ways a cyber attack can harm your operations include the following:
- Data loss
- Business interruption
- Lost productivity
- Regulatory fines and fees
- Third-party litigation
- Brand or reputation damage
5 Key Questions to Assess Cyber Exposure
Here are five key pieces of information to discuss with your insurance advisor. This will help determine the type of coverage that’s needed.
- What proprietary information do you collect, manage, or store?
- What confidential personal information do you collect, manage, or store from your clients and your employees? Examples would include:
  - Protected card information (credit card information, online commerce, etc.)
  - Personal health information
  - Personal information (name, address, age, driver’s license numbers, social security numbers, income, insurance, etc.)
- What confidential business information do you collect, manage, or store from your clients? (credit card information, banking information, address, revenues, other information subject to confidentiality agreements, etc.)
- In what ways do you collect, store, or manage information? (e.g., paper files, electronic database or server, etc.) How is this information protected? (e.g., locked up, encrypted, etc.)
- Do you employ third parties or outside vendors to handle proprietary information? (e.g., document disposal, digital backup, etc.) Do you outsource any information technology?
Types of Cyber Insurance Coverage
Privacy and Security Liability
If private employee or customer data is compromised due to faults in your business systems or theft by hackers or disgruntled employees, your business will be held liable. This coverage protects businesses from liability exposures associated with this risk.
Liability can also result from a third party that processes and/or stores client data. Many business leaders mistakenly believe they don’t have liability if they are not storing the data. This is far from the truth. It is important to understand you can outsource the responsibility, but you can’t outsource the accountability.
Some cyber policies may cover expenses incurred to retain a public relations consultant or crisis management firm to plan or execute a public relations campaign to mitigate any negative publicity generated from a cyber loss.
Coverage for income loss resulting from communication specifically arising from an incident that harms your company’s reputation.
Business Income and Extra Expenses
This insurance is designed to provide coverage for losses resulting from an interruption of computer systems caused by a security failure or systems failure. This can include lost revenue, costs for restoring valuable data, and costs to repair systems.
Cyber extortion is a threat made by an individual or organization for the purpose of demanding payment of money, securities, or electronic currencies such as Bitcoin, Ethereum, and other digital currencies. Coverage for this risk will pay for extortion expenses incurred to respond to a demand, other costs, or fees to respond to extortion.
Media or Web Content Liability
This insurance provides coverage for liability resulting from gathering, communicating, reproducing, publishing, disseminating, displaying, releasing, transmitting, or disclosing media content, including defamation, libel, slander, violation, invasion, or interference of privacy rights, infringement, plagiarism, or improper deep linking.
Minimizing the Risk of Data Loss
In addition to having the right insurance coverage in place, we strongly encourage business owners to seek advice from experienced security defense advisors to discuss the implementation of proactive measures designed to mitigate cyber risk and build resiliency, including but not limited to:
- Creating data backups and encrypting sensitive information
- Updating all security systems and software
- Conducting regular employee cybersecurity training
- Using strong and complex passwords
- Installing firewalls
- Reducing attack surfaces
- Assessing third-party service providers
- Having a kill switch in place
- Creating solid cyber risk policies and strategies
- Protecting critical infrastructure and physical premises
To effectively mitigate cyber risks, a collaborative approach among business leaders, defense advisors, legal counsel, and insurance advisors is needed. Leaders who are proactive in their strategies and utilize a collaborative approach will establish resiliency and have the greatest chance of promptly recovering from and surviving an attack.