Have you heard of cyber insurance?
In recent years, the demand for cyber insurance has increased significantly in response to sharply heightened risk awareness. However, managing cyber risks through insurance are relatively new. Although the market for cyber liability insurance is off to a good start, it is expected to grow dramatically over time as businesses gradually become more aware that current policies do not adequately cover cyber risks. With each announcement of a system failure leading to a significant business loss, the awareness grows. This growing awareness has stimulated demand for cyber liability insurance products.
As data breaches occur more frequently, there are additional pressures for business to step up efforts to protect the personal information in their possession. Cyber-attacks may come from nation states, terrorists, criminals, activists, external opportunists and company insiders (both intentional and unintentional). Cybercriminals attack to gain some political, military or economic advantage. They usually steal money or information that can eventually be monetized, such as credit card numbers, health records, personal identification information and tax returns.
Cyber risks include:
Identity theft as a result of security breaches where sensitive information is stolen by a hacker or inadvertently disclosed, including such data elements as Social Security numbers, credit card numbers, employee identification numbers, drivers’ license numbers, birth dates and PIN numbers.
Business interruption from a hacker shutting down a network.
Damage to the firm’s reputation.
Costs associated with damage to data records caused by a hacker.
Theft of valuable digital assets, including customer lists, business trade secrets, and other similar electronic business assets.
Introduction of malware, worms and other malicious computer code.
The human error is leading to inadvertent disclosure of sensitive information, such as an email from an employee to unintended recipients containing confidential business information or personal identifying information.
The cost of credit monitoring services for people impacted by a security breach.
Lawsuits alleging trademark or copyright infringement.
The majority of small business owners do not even know that cyber liability insurance exists, and you certainly can’t invest in protection if you are not aware of it. The truth is that more people hear about the repercussions of a data breach than they hear about methods of mitigating the damages. Why?
The first reason is that cyber liability insurance is a relatively new product since hacking itself is a relatively new form of crime. Some insurance providers do not offer this coverage, and the providers that do offer it may not advertise it as well as other lines of business.
The second reason is that most people associate cyber crime with large corporations. Remember the hack on Target a few years back? However, while these attacks are highly publicized, it is small businesses that have a greater risk—they just don’t get the same media exposure. This increased risk is often tied to lax digital security, whether due to lack of effort or lack of adequate funds.
Cyber Liability Policies
Most businesses are familiar with their commercial insurance policies providing general liability coverage to protect the business from injury or property damage. However, most standard commercial lines policies do not cover many of the cyber risks mentioned above. To cover these unique cyber risks through insurance requires the purchase of a particular cyber liability policy. However, the cyber risk remains difficult for insurance underwriters to quantify due in large part to a lack of actuarial data. Insurers compensate by relying on qualitative assessments of an applicant’s risk management procedures and risk culture. As a result, policies for cyber risk are more customized than other risk insurers taken on, and, therefore, more costly. The type of business operation will dictate the type and cost of cyber liability coverage. The size and scope of the business will play a role in coverage needs and pricing, as will the number of customers, the presence on the Web, the type of data collected and stored, and other factors.
Cyber liability policies might include one or more of the following types of coverage:
Liability for security or privacy breaches. This would include loss of confidential information by allowing or failing to prevent, unauthorized access to computer systems.
The costs associated with a privacy breach, such as consumer notification, customer support and costs of providing credit monitoring services to affected customers.
The costs associated with restoring, updating or replacing business assets stored electronically.
Business interruption and extra expense related to a security or privacy breach.
Liability associated with libel, slander, copyright infringement, product disparagement or reputational damage to others when the allegations involve a business website, social media or print media.
Expenses related to cyber extortion or cyber terrorism.
Coverage for expenditures related to regulatory compliance for billing errors, physician self-referral proceedings and Emergency Medical Treatment and Active Labor Act procedures.
Securing a cyber-liability policy will not be a simple task. At a minimum, the insurer will probably want to know about antivirus and anti-malware software, the frequency of updates and the performance of firewalls and antivirus. /antia anmalmalware software, the frequency of updates and the performance of firewalls.