If you manage or collect your customer’s personal information, then you already know that state and federal laws regarding the loss, theft, or possible compromise of personal data can create a costly obligation. The size of your potential loss is correlated to the number of customers you have in your system.
Cyber breaches continue to be a concern for business owners as the sophistication and reliance on Internet technology increases faster than ever before. Not only do you have to consider internal risks such as a malcontent or negligent employee, but also bad actors that may attempt to take advantage of security flaws in your network; hardware; software; or honest, but unaware employees. According to Ponemon’s 2014 benchmark study, the average cost for each lost or stolen record containing sensitive and confidential information increased from $188 in the previous year to $201. In a cybersecurity insurance workshop, The Department of Homeland Security (DHS) identified at least 3 ways to prepare for cyber risks:
1. Risk Acceptance: An example would be setting aside an amount equal to an expected cyber liability event.
2. Risk mitigation: Using many recommended and tested security practices; companies can prevent or at least lessen the cost posed by cyber liabilities.
3. Transfer of Risk: A cyber insurance policy can help transfer all or some of your technology-related risks to an insurer.
What Risks Are Covered By Cyber Liability Insurance?
A cyber insurance policy is generally a package of coverage that includes protection for multiple risks. Ask your insurance professional about any liability coverage below:
Data Breach Liability Protection from damages suffered by your clients due to unintended release of private information
Security Breach Liability Protection from damages suffered by your clients due to network security failures
Regulatory Defense Expense Assists businesses lower the cost of complying with state and/or federal laws regarding breach notifications
Data Breach Expense Helps pay for potential third-party costs related to identifying and preventing breaches.
Cyber Extortion Threat Expense Covers the expense of paying extortions to unlock your data or website.
Reputational Damage Find assistance fixing your relationship with clients who may worry about working with your business in the future due to security issues.
Potential Cyber Liability Insurance Requirements
Many insurers will request certain practices are implemented to ensure cyber risks are decreased for both your business and the insurer. Insurers may ask your business to implement the following:
Designate a Chief Security Officer to oversee the firms cybersecurity.
Apply a firewall to your network and control remote access through VPN
Install anti-virus on all of your firm’s machines
Use intrusion detection software to prevent unauthorized access
Cyber Insurance Exclusions
Cyber Insurance generally does not cover systemic risks. Exclusions include widespread hardware/ software issues and acts of war. For instance, security events like the Y2K bug of 1999 and any act of cyber warfare between nations. Other exclusions will apply and you should check your policy to see which risks are not covered.