What is cyber insurance?
Cyber insurance can help restore employee and customer identities, recover compromised data and repair damaged computers and networks, whether your business is the victim of a data breach, password attack, ransomware or phishing attack.
You could be at risk for a cyber attack. A staggering number of small and medium-sized organizations get attacked each year — many without the support of cyber insurance coverage. And if your systems or data are compromised, it can put you out of business or cause a significant financial loss.
DO YOU NEED CYBER INSURANCE?
Any business that stores data on a network is at risk for a cyber attack. Data privacy attacks now occur every 40 seconds in the U.S.
Without cyber insurance, you could be on the hook for state and federal fines and penalties, a forensic investigation, breach notification costs and even a class action or third-party lawsuit down the road — all hits on your balance sheet.
Cyber insurance covers the following first-party and post-breach expenses:
• Privacy attorney
• IT forensic investigation
• Compliance with state notification laws
• Credit monitoring for breached individuals
• PR firm to manage the crisis
• Regulatory fines
• Class action lawsuits resulting from the breach
There is no standard cyber insurance policy that can be applied to every business, so having an experienced broker will be key to making sure you’re adequately insured.
TRUTHS BEHIND THE MYTHS
Knowledge stands between hackers and your sensitive data. So be aware of these myths to make sure you’re completely informed about cyber insurance.
Myth #1: A small business like mine doesn't need cyber insurance.
Truth: 85% of data breach insurance claims come from small to mid-sized businesses, and more than 60% of those businesses never recover from a data breach. Regularly backing up your data is one way to minimize the damage that can occur if your business is compromised. If a computer is stolen or your network is infected with a virus, for example, the backups can enable your business to get back on its feet sooner.
Myth #2: Hackers aren't interested in my business data.
Truth: Any data that can be monetized, such as credit card numbers, health records and contact information, is an attractive target. And if it's easy to get, the more appealing it is to hackers: even email addresses can be used to lure employees or customers into disclosing personal information. Instruct your employees to not leave laptops unattended in coffee shops or airport lounges and tell them to use unencrypted smartphones to conduct business - and to secure their devices when not in use.
Myth #3: Data breaches are already covered under my general liability insurance.
Truth: No, they are not and general liability insurers are making sure consumers know by amending their policies to state explicitly that losses due to cyber breaches are not covered. But even with cyber insurance, there are steps you can take to reduce the risk of a data breach in your organization. For example, employees should know and understand the dangers of using unencrypted connections via public Wi-Fi hotspots.
Myth #4: IT vendors have cyber security figured out.
Truth: Two-thirds of data breaches are tied to third-party IT vendors. Cyber security and risk management should work in tandem. For greater peace of mind, be sure that you regularly receive audits and reviews from your data security providers. Those reports should include what they are doing to address their cyber security and governance in the event of a breach.
Myth #5: Cyber insurance is too expensive.
Truth: A cyber insurance policy can cost as little as $1,000 annually, whereas crisis response costs following a breach can easily climb well into six-figure amounts. There are also legal costs and settlements to consider. Few events can be more damaging to your business than a full-scale data breach. Having cyber insurance could prove to be priceless when it comes to protecting you and your business.