Cyber Security Insurance for Businesses
Do you use technology to manage patient records or customer information? Does your company have a website or social media presence to promote your business online? No matter the size of your workforce, if you answered yes to either of these questions, your company is in need of cyber security insurance.
As the country’s fastest-growing form of commercial coverage, cyber security insurance or data breach coverage assists with two basic needs: to repair the damage a hack or network security breach caused and to recover your reputation. This could involve corresponding with customers, compensating them for their losses, assisting with an investigation or paying any legal fees incurred if a suit is brought against you.
Common Misconceptions
Many businesses believe their IT team or third-party hosting service can handle cyber security. However, there are two important factors to consider. First, cyber extortion and ransomware events are two of the most common crimes a business could experience. In these instances, not only will the hacker demand a payment and potentially corrupt your files, but they also take your data and use it to reveal trade secrets, steal customer identities or leak private information. As a result, handling a data breach involves much more than paying off a hacker to get your files back!
Second, hacks don’t just come from faceless outside parties; “rogue” employees have been known to do it internally, often in response to discipline or job loss. Those you trust with company data may in fact be handing it over to a competitor or could intentionally wipe it all away to cover their tracks.
Risks
Because hackers continue to use even more sophisticated methods, insurance experts predict that cyber security claims will continue to rise. In fact, data indicates that such instances have seen double-digit increases since 2013.
Additionally, businesses large and small are at risk for a data breach, especially those in healthcare, retail or manufacturing. Roughly 30 percent of phishing attacks involve companies with less than 250 employees and, according to Symantec’s 2016 Internet Security Threat Report, 43 percent of all cyber-attacks are aimed at small businesses.
Keep in mind that most business liability policies don’t include cyber coverage, as technology and hacking methods are ever-evolving. Only one-third of all U.S. companies have this type of insurance and going without can mean paying thousands in fines and recovering your damaged reputation.
Coverage
Initially, insurers started introducing cyber security coverage through errors and omissions policies geared toward technology companies. But, as computer networks and software became integral to many businesses regardless of industry, the same carriers present these policies as a separate option with four basic parts:
- Errors & Omissions: An option if your operation is strictly based around technology.
- Media Liability: This concerns intellectual property and copyright infringement, as well as libel and slander from online advertisements.
- Network Security: Perhaps the most vulnerable part of your business, any failure leading to a data breach, virus transmission or cyber extortion puts both you and your customers at risk.
- Privacy: Entwined with network security coverage, this coverage encompasses both electronic data and physical records and considers what can happen when a third-party steals and exploits their information.
Considering all of these factors, your cyber security policy provides a combination of first- and third-party coverage, including when:
- Customers or clients sue you regarding a data breach.
- Regulators request information.
- A network hack or shutdown interrupts your business, resulting in the loss of sales.
- You need to notify customers and reimburse them after a breach.
However, to get coverage at a desirable rate, you need to prove to an insurer you:
- Have a risk assessment policy in place that protects against attacks.
- Keep your employees aware about network security risks, including regular education about phishing and social engineering.
An insurer may also conduct its own audit concerning your processes and approach to network security.
Does your Connecticut business lack cyber security coverage? To determine which policy suits your needs best, work with Ion Insurance. To find out more, give us a call at 203.439.2815.