Biz Must Have – Cyber Liability
The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Empire Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. Th Anthem Facts or FAQs seek to provide helpful information to the millions of individuals affected. These communications address what is known about the incident, describe the kinds of information compromised, warn affected persons about potential email attacks, and advise that there is more information coming.
But there is not much information at this point for employers that are plan sponsors of group health plans. Is this really only Anthem’s problem? How well protected is YOUR business? In the event of a hack would you even realize this before its too late? We know that long before the attack the malware may have been sitting there latent as early as December. Even if you have IT service agreement will they insure and cover you in case of compromise hacks?
A critical component of combating the risks to your business represented by cyber crime and unintentional data breaches is to purchase a cyber liability insurance policy. Cyber coverage isn’t exactly new, but the need for it is increasing as the rate of cyber crimes rises.
FBI Executive Assistant Director Kenneth Bixby, the agency’s “point man” for cyber fraud, recently presented testimony before Congress regarding the bureau’s efforts to combat computer fraud. While attacks on large corporations like Target, Neiman Marcus, and Home Depot make the evening news, Bixby emphasized that smaller companies (those with fewer than 250 employees) are the targets of almost one third of all cyber attacks.
Last year, according to FBI statistics, federal agents informed over 3,000 U.S. businesses that their data had been hacked. In nine out of ten cases, these companies didn’t even know their computer systems had been breached until they were informed by the government.
Symantec estimates that attacks on small businesses increased 91 percent from 2012 to 2013, and experts believe the increase in software as a service and cloud storage solutions suggests that the problem is only going to get worse. As one security expert puts it: “Either you have been data breached or you just do not know that you have been data breached.”
The Cost of Data Breaches
In a separate Symantec-sponsored study, researchers identified the major direct and indirect expenses associated with business data breaches. They include:
Direct Costs: engaging forensic experts, providing customer hotline support and consumer credit monitoring subscriptions, discounts for future products and services.
Indirect Costs: in-house investigations and communication, the extrapolated value of customer loss resulting from turnover or diminished acquisition rates.
The same study pegs the per-record cost of a data breach at $188—32 percent for direct costs and 68 percent for indirect. This is just an average, however. According to researchers, the cost per record for data lost or exposed due to employee errors and system glitches is (on average) “cheaper,” coming in at $159 and $177 per record, respectively. In contrast, the cost associated with data loss or exfiltration from malicious cyber attacks is much more “expensive” at $277 per record.
A separate 2014 study by Kaspersky Lab tallied business losses for a given data breach “from $66,000 to $938,000 per organization, depending on the size of the company.” In addition, the Kaspersky study found that, in data breaches that involved business-to-business accounts, 43 percent of businesses terminated a business relationship following a reported fraud on their account, while 82 percent of companies indicated they would consider ending a business relationship with a company that suffered a data breach.
Cyber Liability Insurance
A critical component of combating the risks to your business represented by cyber crime and unintentional data breaches is to purchase a cyber liability insurance policy. Cyber coverage isn’t exactly new, but the need for it is increasing as the rate of cyber crimes rises. Also, many business owners don’t realize that cyber insurance often needs to be purchased as its own policy. As you begin looking into getting this crucial insurance for your company, it’s important to note that pricing and coverage will depend in large part on the details of your business, your data, your security measures, and your online presence.
Policies and coverages vary, but a cyber liability insurance policy generally covers the following:
Coverage for actual costs associated with a data breach: these can include consumer notification, customer support, and contracted credit monitoring services for those affected.
Liability for security/privacy breaches: protection from lawsuits and other actions resulting from the exposure of confidential customer information.
Asset recovery and restoration: the cost to restore, update, and/or replace hardware, software, or data assets damaged through cyber crime or by an unintentional loss or release of data.
Business interruption costs: coverage for additional expenses incurred and losses sustained as a result of a data breach.
Reputation management: protection from liability related to slander, libel, copyright claims, and other harm to your reputation resulting from activity on a business website or in social media.
Some policies also cover additional items, such as cyber extortion, cyber terrorism, and the cost of regulatory penalties or sanctions that may result from a breach of data.
If you think your existing business liability policy will protect you in the event of a breach of your company’s data, you’ll want to think again. Many business policies specifically exclude this type of risk because of the extreme variability between different companies’ risks and assets. If you’re not sure whether you’re covered, schedule an appointment to talk to your insurance advisor so you can be protected in the likely case of your company suffering a data breach.
Some of the elements of cyber-liability coverage may be interconnected or overlap with coverage from existing products, including those for business continuity, third-party supply chain issues, and professional indemnity. Even if this overlap does exist, a decent cyber-liability policy is not expensive and will save you headaches in the long run.
Talk with our cyber liability partner Mordy Littman and check if your business is protected at (855) 667-4621.
Safety & Loss Prevention Solutions
Improve safety, avoid lawsuits and increase profitability.
Employment Practices Liability Insurance
Protect yourself against claims made by current, former and potential employees.
Directors & Officers Liability Insurance
Provide financial protection for your board of directors and senior management.