Nearly every single business that operates now uses some kind of technology to help them function.
Some use computers and tablets, others just their smartphones, or a company website. Even the least expected, like construction companies and other contractors, use computer systems to produce bids, track employees, materials or job sites. Accounting and law firms rely heavily on their computer systems to meet their daily demands and store sensitive information. Online retailers rely on technology to reach their potential consumers, take payments and track their company’s progress.
With this increased reliance on technology, certain dangers have also been increasing. The most common of these we see covered in the news regularly, i.e. data breaches. Affecting millions of people at a time, these huge scandals make national headlines and serve as a warning to other big companies. But is Cyber Insurance just for big companies with lots of identification?
A small business owner might think, “My business does not have any useful data” or “We are too small to be a target”. These mindsets are the result of a dangerously false sense of security and often lead to the rejection of Cyber Insurance.
But why would a small company with a seemingly insignificant amount of client information need to worry about a data breach?
Let's give you 10 good reasons:
Bricking is basically when the firmware (the code that makes the device function) is corrupted to a point where it essentially becomes a brick. This can happen as the result of a hacking, power outage during a firmware update, a malicious operator within the company, or a host of other ways.
Bricking can affect a whole computer system destroying thousands or even hundreds of thousands of dollars worth of electronic equipment.
A Commercial Property Insurance Policy does NOT cover this type of damage, even if it says, ”Cyber Insurance” in the print. Proper coverage can be found however on a separate Cyber Insurance Policy.
#2 Harm or Damage to Others
This is what most people think of when they hear “Cyber Insurance”. That’s because the focus in the big data breach stories is often on the number of exposed records and trying to tie a dollar amount to each one. While these situations can definitely be expensive, there are far more damaging scenarios that don’t make it into the news cycle.
We have all heard of the Target Data Breach. Who most of us haven’t heard of is Fazio Mechanical.
Fazio Mechanical was the third party contractor whose compromised system led to the huge Breach at Target.
I don’t know the full financial impact that this had on Fazio or if they had insurance to cover the loss, but I do know one thing. Any General Liability policy in force is now likely to exclude this kind of event.
A good question to ask yourself at this point is how many clients or vendors’ third party systems does your company interface with?
Cyber insurance policies cover third party liabilities.
#3 Loss of Operating Income
Could your business survive if your ability to earn revenue was turned off for a week? What about a month? Three to Six Months?
This can happen to a company of any size if it suffers a network attack or failure. The business would have to replace or rebuild its entire network including all of the company’s data. Ransomware attacks, firmware failures, and data encryption can cripple a business’s ability to earn revenue.
Normal Business Income Insurance Coverage found on a Property Insurance Policy will EXCLUDE (no coverage) any type of cyber-related event. A Cyber Insurance Policy wouldn’t.
#4 How Much Is Your Reputation Worth?
If your company suffered a data breach, what would that do to your reputation? Studies show that loss of customers is one of the biggest ways that businesses lose income as a result of a data breach. In Ponemon Institute’s 2019 Cost of a Data Breach Report, they estimate that about 36% of the cost of a data breach comes in the form of lost income from the business.
An important question that must be asked then is how much would a campaign to fix your business’s image and reputation following a data breach cost you? This expense can be covered by a Cyber Insurance Policy.
Many states have implemented laws that declare how long a business has to notify its customers of the breach until they begin to be assessed fines for non-compliance.
How many businesses are capable of continuing normal operations while compiling and mailing potentially thousands of letters and then training employees on how to properly field the enormous amount of phone calls that are guaranteed to come flooding in after the letters are received?
Most businesses would likely have to hire a professional firm to help them draft the letter, print and mail the letter, and a call center to help field the calls. A separate Cyber Insurance Policy could cover that cost.
#6 Forensic and Investigation Costs
One of the first things that must be done if you find that your business has been compromised is to discover how it was compromised, what damage was done or what information was stolen. Many small and medium-sized businesses cannot do this kind of analysis which necessitates hiring a third-party vendor to come in. This can be a significant cost that is covered in a separate cyber liability policy.
#7 Regulatory Fines & Penalties
Most businesses are regulated in one way or another. The FTC (Federal Trade Commission) for example enforces federal privacy and data protection regulations. The Department of Health & Human Services Office for Civil Rights enforces regulations such as HIPAA.
Both of these institutions have the power to levy heavy fines for not protecting the Personally Identifiable Information of their customers. These fines and penalties can be significant and vary depending on individual situations.
#8 Fraudulent Transactions
A quick example of a fraudulent financial transaction is when a bank receives a request to send a wire transfer from a client of $650,000 through email. Included in the email is a phone number to verify the wire. The bank calls the number and the person on the other end sounds like the customer and confirms the wire. The bank sends the wire only to find out that it was a fraudulent request and they are now out $650,000.
This kind of scam is becoming commonplace and banks are not the only targets in these schemes. Criminals are doing their research and finding as much as they can about their potential targets using online social interactions. They often hack into their victim’s email accounts and observe the way they communicate with their colleagues. They can then duplicate the manner of communicating and trick unsuspecting employees to voluntarily sending transfers.
Imagine walking into your office one morning and turning on your computer. As it boots up a message pops up on the screen explaining that your system has been taken over and important files encrypted. You can have the key to the encryption if you will wire a certain amount of Bitcoin to an account number. This is a very frustrating and popular method of Cyber Crime.
Whether you pay the ransom or if you choose to try to recover the files, there is going to be a big expense at the end of the day. How do you plan on paying for it?
#10 Social Media & Websites
Many businesses have an online presence. They run ad campaigns, interact with customers, post information, sell items, collect payments and much more. What happens if you post incorrect information? What if a customer or competitor brings a suit against your company for defamation? Trademark or copyright infringements? All of these are situations that could land your business in hot water. Even if it is inadvertent. These specific situational accidents can be fully covered by a proper, comprehensive cyber insurance policy.
Cyber Insurance is one of the wisest decisions a business owner in our growing technological world can make.
If you look at every Business Insurance Policy you will see that the coverages almost always have the same name or description from one insurance company to the next.
This is not the case with Cyber Insurance. They are built from scratch and the coverages are tailored to each individual business. This makes them much more effective and valuable to business owners than the token cyber coverage at the end of a BOP.
Besides the ever-increasing possibility of facing a data breach, one of the biggest dangers to you is paying for an insurance policy that does not properly cover your business. A cyber liability policy specifically tailored to your business needs is really the only way to safeguard against the tricks and schemes of hackers and online thieves. Do the smart thing and get your business properly covered.