Insuring Your Business against Cyber Threats
All of the costs involved in a data breach may surprise you.
First, you may want to bring in a consultant to ensure you handle the aftermath properly. Then there are notification expenses—47 states require that you notify clients if their information has been compromised. In addition, the losses tied to forensic investigation, credit monitoring services and business interruption all add up.
Cybersecurity is not just a concern for large companies. Hackers often go after smaller businesses because those businesses frequently lack the infrastructure and resources to protect against cyber crime. Effective risk management programs have to be developed and monitored to protect against these threats, but that kind of investment may be daunting for many small business owners.
Alongside information security best practices, cyber insurance (or, more technically, information security and privacy liability insurance) can help protect your business from the financial ramifications of data theft.
Who needs cyber insurance?
You may want to consider cyber insurance if you collect, manage or store private information about clients or associates. Ask yourself these five questions to help identify the risks to your business and determine what kind of coverage you may need.
- What kinds of proprietary information do you keep?
- What kinds of confidential personal information do you have on hand about clients and employees? Examples include protected card information (credit card numbers), personal healthcare information (health records, Social Security numbers) and personal information (name, address, age, driver’s license numbers, etc.)
- What kinds of confidential business information do you have? This could include banking information, revenues, information subject to confidentiality agreements and more.
- In what formats do you keep information? For example, do you have paper files, an electronic database or some combination of print and digital data? How is the information protected?
- Do you employ third parties or outside vendors to handle proprietary information in any way? Do you outsource IT?
Types of coverage
Every business has different risks associated with cyber attacks, so there is no “standard” cyber insurance policy. Two major types of exposures are covered: first party and third party.
- First-party losses are costs to cover the company’s own expenses caused by a cyber crime. Examples include notification, public relations, costs of investigation, data restoration and lost income.
- Third-party losses are costs to cover expenses to others (such as clients and employees) who are compromised or victimized by the cyber crime. Examples include defense costs, judgments and settlements for lawsuits.
Not all cyber insurance or cyber “enhancements” to existing policies are created equal. A thorough examination of the policy’s terms with an insurance advisor is required to identify potential gaps in coverage.