Cyber Insurance for Business: A Way of Life in a Connected WorldMarch 10, 2020
Whether yours is a newly established business, or one that's been in operation for generations, your concerns are largely the same as the hardest-working merchant of centuries past — how to identify a demand for your product or service; how best to deliver that product or service to your customers; how to grow and profit and prosper in an ever-competitive marketplace. That said, the 21st century presents challenges that were undreamt of by your recent ancestors — and nowhere is that distinction more apparent, than in the ever-present threat of a cyber attack.
From attacks on some of the biggest names in consumer retail, digital communications and financial services, to the upper levels of our federal government, cyber crime is a major ongoing news story — but lost amid the headlines is the fact that the agents of digital hacking, internet fraud and data theft don't necessarily confine their activities to the major players. Now more than ever, businesses of any size exist on the front lines of vulnerability, and the more of your business exists in the digital realm — employee records, client financial info, sales/ inventory reports, credit card transactions — the more important it is to protect your business with cyber insurance.
Why a Cyber Insurance Policy is the Firewall You Need
By many accounts, more than half of the world's businesses have been the targets of a data breach — unauthorized access to digital files and/or media that contains unprotected personal information about a business and its clients. More than half of those attacks have been aimed at smaller-sized companies who don't have access to the kind of sophisticated digital security systems retained by major corporations, let alone the financial resources to afford such protections. With hackers striving to stay forever a step ahead of the latest state-of-the-art data protection technology, your best means of addressing the issue is to insure your business against cyber attacks and their consequences — something that most commercial general liability policies do not cover.
In the words of independent insurance agent Scott Stanford, “cyber liability insurance is an absolute necessity for healthcare, legal, financial, or any professional service that relies on confidentiality of client info.” As the president of the Monmouth County based Stanford Agency observes, "medical personnel in particular have HIPAA concerns regarding patient confidentiality…detailed health records, financial/insurance info, prescriptions…the law puts the responsibility for protecting patient data onto doctors and health networks, so cyber liability insurance is a must.”
While commercial policies can cover losses of records storage hardware and office systems, that coverage does not extend to the virtual information contained within them — and that's where cyber insurance takes up the cause. A cyber insurance policy is designed to protect the privacy and security of your network, as well as protecting the business owner from the loss, leaks, or theft of personal data (credit card info, license/ Social Security/ ID numbers, bank accounts, health records, passwords) related to clients, vendors, donors, and employees.
Even though a data breach of your business can sometimes be traced to in-house human error or equipment malfunction, most incidences of unauthorized access derive from one of the following events:
- HACKS - widespread viruses and "worms," targeted attacks, or even "back door" access via another company with which you do business
- FRAUD - phishing, spoofing and other scams centered around corporate identity theft
- DENIAL OF SERVICE - employing ransomware and other means of disruption
In addition to posing a serious and immediate problem to your business, a data breach is a law enforcement issue, with New Jersey businesses and organizations required to report such incidents to the NJ State Police Department of Law and Public Safety, in compliance with the state's Data Security and Breach Notification Act.
Cyber attacks do more than just damage electronic hardware and digital infrastructure — they damage confidence in your business, when it comes to the people who do business with you. Companies of all types and sizes have been victims of cyber attacks — from major retailers (Home Depot, Target, Whole Foods) and restaurant chains (Arby's, Chipotle, Wendy's), to healthcare networks (Blue Cross/ Blue Shield), credit rating agencies (Equifax), and some of the giants of modern media and communications (eBay, Sony, Verizon, Yahoo)…not to mention governmental agencies like the Securities and Exchange Commission and the IRS.
Data breaches can often involve upwards of 20,000 individual data items at a time, at an average cost of over $200 per item to repair — and a strategy of damage control that involves expert assistance in the areas of credit monitoring, identity theft resolution, data analysis and more. As the average cost of a single large-scale data breach incident approaches 1.5 million dollars, it goes without saying that such a level of response is out of reach for a small to mid-sized business — and that just one significant hack can strike a fatal blow to a "mom and pop" or home-based operation.
How Cyber Insurance Has You Covered
A cyber insurance policy works to protect your business on both first party and third party fronts.
- First party coverage means that you and your business are protected when your data is hacked or stolen — and it encompasses not just the costs of data recovery and restoration, plus the all-important cost of notifying affected parties in the event of an attack, but also the costs that derive from the damage to your reputation. These include public relations crisis management (including advertising costs), legal and professional fees, and assessed loss of income. Victims of a ransomware extortion scheme can also claim crime-related losses — and the protections extend to incidents caused by human error, or such accidents and natural disasters as storm-related power surges.
- Third party coverage protects you from liability when a customer or client incurs losses or damages in the event that your business is responsible for a data breach or other cyber attack. Protections extend to the compromising of copyrights, trademarks, registered domain names and other proprietary assets; liability in cases involving shared data (via email, social media, etc.); the payment of fines, judgments and settlements or associated bank/ attorney fees, and costs related to the subsequent enhancement and reinforcement of the affected network's security systems.
“In New Jersey as in most states, Cyber liability insurance does not cover hard-copy files, negligence, losses incurred by an outside vendor," explains Stanford. "As a business, purchasing a cyber liability insurance policy is your best protection in civil cases involving issues of invasion of privacy, copyright infringement, defamation, breach of confidentiality.”
The Future of Your Business Depends on Cyber Security
Even the most traditional "brick and mortar" business intersects with the digital world at some point, whether it's your business banking, purchasing, inventory, or day-to-day transactions with your customers and vendors. No matter what business you're in, the secure operation of your livelihood — and the trust of your loyal clientele — stand to benefit from the knowledge that you've safeguarded against the very real possibility of unauthorized access, data theft, and malware attacks.
As Scott Stanford explains, "cyber insurance can be a low-cost add-on to an existing commercial liability policy, or written on a dedicated standalone policy.”
The realization that cyber attacks can happen to any size or type of business, and at any time, can serve as inspiration to take preventive measures that lessen your vulnerability to such occurrences — precautions that come recommended by security professionals in both the public and private sphere. These include consultation with data security experts to assess the integrity of your network; creating an in-house strategy for dealing with data breach issues before they occur, and using data encryption software — in addition to conducting regular data backups, taking the opportunity to update software (operating systems, browsers, firewalls, office apps) as frequently as possible, and limiting access to your networks from personal devices, external drives, and other remote points of entry.
Most important of all, make a date to consult your Trusted Choice independent insurance agent about the advantages of adding cyber insurance to your existing business coverage. Ask about the range of protections available to the growing number of business owners who operate out of their home — and learn how cyber insurance can be one of the most crucial components of your business toolbox.
© 2022, Consumer Agent Portal, LLC. All rights reserved.