“I know there’s a proverb which that says ‘To err is human,’
but a human error is nothing to what a computer can do if it tries.”
Technology and data have become more and more engrained into the daily life of almost every business. From the ways we accept payment to the way we create floorplans, the advances in technology have changed the way most businesses run. With new technology come’s new risk, and the key to being protected is being informed. Cyber Liability is the risk of a breach to your company’s and clients’ information. The technology you use to run your business, the proprietary information that you save on your hard drive, the customers information that they have trusted you with- they are all vulnerable.
This “Cyber Liability” we face is broken out into two parts.
First Party Liability– This is the liability you have for damage to your own property and records. This type of liability is a result of hackers, viruses, etc. that destroy or steal information from your company. In addition to simply destroying/stealing data there is the possibility of extortion, hackers demanding money not to release private records or delete data. When breaches like this happen the cost of investigating attacks, recreating lost data, and dealing with extortion management can be overwhelming. Those costs are in addition to the affects it can have on your ability to continue business operations. The amounts add up and can take their toll on businesses of any size.
Now if you are thinking “who is going to go after a local/regional business instead of a large company?” you’d be surprised. While the larger companies have much more data and seem like a bigger target, the level of security and data protection they use make them much more difficult to go after. Local businesses can be a less secure, less risky mark for hackers. And while we talk a lot about the anonymous hacker, that is not the only threat to the small business. A very familiar scenario is the disgruntled employee using their credentials to steal from/attack the company servers.
“Many small businesses have been attacked — 44%, according to a 2013 survey by the National Small Business Association, an advocacy group. Those companies had costs averaging $8,700” -USA Today
Third Party Liability– The second part of Cyber Liability is the liability of other’s private information and their systems. If your company were to be attacked and your customers information was stolen, or you were to pass on a virus in an email to a client there could be a whole list of issues to address. There would be the duty to inform those affected, the cost to defend against lawsuits, as well as the unpleasant issues of dealing with upset customers. With the trust given to you by your customers there is an added duty to protect the information they share with you. You also have to be aware of emails and attachments your company sends out, unintentionally sending viruses or malware is another way a company can create a PR nightmare.
Clearly there are a lot of ways that the risks of technology can hurt your business, from the loss of your own records to the damage to your company’s reputation for failing to protect customer data. We have an understanding of the underlying issues, and the good news is there are a number of companies offering groups of coverages to protect you. To help you navigate policies and be able to understand what they’re offering, here is a list of some of the different coverages that might be important to your company.
First Party Liability
- Forensic Investigation- discover how the breach occurred
- Network/Business interruption- mitigate the effects on your operations
- Extortion- negotiating/paying extortion fees
- Data restoration- recreating lost information
- Theft/fraud- covers some costs associated with theft of data/money
Third Party Liability
- Defense costs- defending from third party lawsuits
- Notification Costs- notifying customers of security breach/information loss
- Public Relations- addresses managing company image throughout cyber compromise
- Call centers- can help deal with customers questions and concerns
- Credit/ID monitoring- helps contain breach and monitor use of stolen customer data
- Transmission of virus/DoS- Helps protect against unintentional sharing of harmful files
Things to look closely at when reviewing a policy
- Sub-limits for certain types of protection
- Language- Be sure to check what triggers coverage
- Does the policy specify “intentional breach” or “any failure to protect”(broader)?
- Do they require a “formal suit” to pay defense costs?
- Are there limits on the number of customers they will notify/ credit monitor
- Are acts of a third party covered?
Now that you have an idea of the risks and coverages you might want, you can work with your agent to determine the most likely issues you might deal with and ensure that you are protected.
J.L. Hubbard Insurance & Bonds