Malware, worms, trojans, bots — the number and types of cyber threats that businesses face continue to grow. Nearly 80 percent of U.S. businesses have suffered a data breach in the past year, and, while not all may cause damage, it only takes one to put your customers’ personal information, your assets, and your ability to do business at risk. Here are a few must-know details to help your business prepare for and protect itself against cyber threats:
Small Businesses Are Not Immune to Cyber Attacks
If your business has a website, uses social media, stores company information electronically, or sells products or services online, cyber insurance is a must. Why? Because smaller operations are less likely to invest in the sophisticated cyber security that larger corporations have — and online attackers know this. In fact, 71 percent of cyber attacks hit businesses with fewer than 100 employees.
The Financial Impact of a Data Breach Is Significant and Varies by Industry
Think about how many electronic customer records you have. According to a recent survey, the average cost per record lost or stolen as a result of a data breach is $221. And that cost can be more or less depending on your industry. For example, for the health care and financial services industries, the average costs per record are $402 and $264 for lost and stolen, respectively. Retail and hospitality businesses pay less, with average per record costs of $200 and $148. Is your business financially prepared for the fallout if you suffer a data breach and private information is exposed?
Standard Insurance Policies Typically Do Not Cover Cyber Attacks
You may think your business owner’s policy (BOP) has you completely covered, but the truth is that you could have significant gaps in protection — particularly from online threats. Consider the following examples:
- If furniture or equipment goes missing, your BOP will cover the loss of this property. However, if intangible property like electronic data is stolen, coverage does not apply.
- If a customer is injured at your store and files a lawsuit, your BOP or general liability policy can help cover costs related to litigation and court judgments. However, if you suffer a data breach and are sued, you would be responsible for all defense costs and any damages.
What can you afford in terms of downtime, investigation, and recovery? A single breach can cost you millions in legal fees, regulatory fines, lost business, breach notifications, and more. Cyber insurance can help fill some of these gaps in coverage.
Cyber Insurance Protects Your Business in Two Ways
If your business does suffer a data breach, you could have two types of expenses, so make sure your cyber insurance covers both. First, direct expenses include costs to:
- Notify affected individuals that their information has been compromised
- Contract with computer forensic experts to determine the origin and extent of a privacy breach
- Retain a public relations or crisis management firm to control potential adverse media and reputational attention
- Provide identity theft restoration services for individuals whose identities may have been stolen or misused
- Cover fines and penalties (where insurable by law) by a government entity or the payment card industry (PCI) due to breach of privacy regulation
Second, if your business is sued as a result of a data breach, you will also have expenses related to the lawsuit, including costs for your defense and any damages, judgments, or settlements to affected parties. Your policy may also cover costs to restore or re-create your data and/or systems if they are damaged or lost, replace lost business income, and resolve extortion or ransom demands from someone threatening your computer network. Policies differ by company, so ask your independent agent about what is and isn’t covered.
The Best Defense Is a Good Offense
Having cyber insurance coverage is a good start, but it isn’t enough. You also need to be vigilant about protecting your company against cyber threats. Think about your operation and identify where your vulnerabilities are — this includes your security shortfalls as well as the overall sensitivity of your data.
Consider the amount of data that you store and how you accept and transmit it, your industry regulations, the age and size of your infrastructure, as well as the security practices of any vendors or partner organizations with which you might share data or networks.
Then, think about the actions you can take. For example:
- Invest in virus and anti-phishing email software, data encryption, and off-site backups of data and your website.
- Have a response plan ready to go in case the worst happens. A cyber-attack should be covered in your business continuity plan.
- Have procedures for disposing of paper records, computers, and other storage devices to make sure sensitive information is destroyed or removed. Keep records no longer than needed (to protect your business and to comply with applicable laws).
- Control access to sensitive information, and provide authorized users with individual passwords. Employees should not share passwords with others or use personal email or devices to send sensitive information. Be sure to terminate access when employees leave your company.
- Train employees to spot suspicious activity — online and otherwise. They should know the red flags of phishing email scams and how to report potential security breaches.
Your business uses locks, cameras, a security system, and more to protect equipment and inventory, so make the same effort to secure your online assets. Even if sensitive information is shared accidentally, it can still be harmful to your reputation and business.
Complex Coverage Made Simple
The legal and financial fallout of cybercrime is complicated, but having the right coverage can make all the difference. If you’re unsure of what to do next, start by assessing your risk — and then get advice from an insurance expert. Your independent insurance agent will be able to connect you with providers and policies that meet your needs and can help protect you if your business experiences an online attack. Or find out more about the data breach and cyber coverage offered as part of Liberty Mutual’s business owner’s policy.
*Liberty Mutual Insurance is the #1 preferred business provider based on 2016 survey of business insurance buyers on preference of national carriers sold via independent agents.
Was this relevant to your business?