Many small business owners are unaware of the high cyber liability risk that they pose in today’s digital world. Oftentimes, we hear businesses who think they are too small to be targeted by cyber criminals or that they don’t store enough personal information to need coverage.
Like several insurance coverages, it often takes a loss to recognize the need for adequate coverage. Here are just a few reasons why it is critical for all businesses to carry cyber liability coverage:
- Data breach recovery is expensive. Even if you aren’t storing customer data, businessowners store their employee names, dates of birth, driver’s license number, social security number, etc. When your system is hacked, there are several expenses that drive up the cost of recovery:
- Business interruption – Businesses must often temporarily close while investigating the source of a breach, leading to decreased revenue and productivity.
- Security overhauls – Updating or implementing a new security system costs a great deal in software, infrastructure and personnel. It also requires training staff in new policies and procedures.
- Lost trust – Companies who experience a data breach often have to rebuild goodwill with customers and may see a decrease in revenue as they have broken customers trust in their ability to safely store date.
- Cyber liability is excluded on a general liability policy. While general liability covers bodily injury and property damage, electronic data is not tangible property – and therefore excluded.
- Getting a system back up and running after a hack is a tall task. Forensic investigation coverage on a cyber liability policy will cover the legal, technical and forensic services required to assess damages after an attack.
- Cyber extortion is becoming more and more common. Coverage for extortion reimburses the costs associated with payments to extortionists who threaten to disclose or destroy sensitive information.
- Fraudulent impersonation is becoming more common. Coverage responds if you have inadvertently, in good faith, transferred money, securities or other property due to an instruction received by an imposer.
Claims Examples
- A pharmacy accepts credit card payments on their point-of-sale system. A virus infects the system and the credit card numbers are stolen.
- The pharmacy must provide data breach notification to its customers. Credit monitoring is also necessary for any affected parties.
- They likely will have to employ forensic investigators to determine the extent and severity of the breach.
- Customers who have been victims may bring civil suit for damages.
- The pharmacy may be subject to regulatory action for failing to adequately protect information.
- An auto repair facility uses computer equipment to read data from electronic systems in cars to diagnose problems. An employee accidentally downloads ransomware that locks the hard drive and encrypts the data tiles on the hard drive. A hacker then demands a ransom before unlocking the system.
- The company must pay the ransom to get access to their information.
- Data loss experts must come in and try and recover the information on the hard drive if it is not released by the extortionists.
- Due to a breach in their system, the auto repair facility loses income while they cannot operate.
- A design firm is attacked by a remote access hacker. The hacker connects to the company’s computer and changes the bank account information for the company’s suppliers. The firm unknowingly sends payment of $100,000 to the hacker.
- An employee of a small business receives an email that appears to be from the president of the company telling the employee to wire $25,000 to one of the businesses vendors. The employee follows the directions in the email and later learns that the email did not come from the company’s president but was instead a phishing email.
- A real estate broker receives its phone bill and is shocked to see it has increased more than $10,000 the past month. When the telephone company sends out an engineer to check settings, it finds that someone has gained access, piggybacked a line on to the system and has been using that line for long-distance calls.
No matter your size or industry, every business has a cyber liability exposure. If you would like a proposal for your business, please don’t hesitate to contact us.