5 MYTHS ABOUT CYBER LIABILITY INSURANCE

Cyber is only for online businesses or web stores taking online payments. FALSE

Cyber liability coverage protects the business in the event it exposes any personally identifiable information. The protection ranges from liability (of course in case someone sues), regulatory compliance defense, IT forensics investigation, extortion of data, business interruption due to cyber event, repair/replacement of damaged data, reputation and brand protection, legal defense, public relations, and expert breach consultation. In fact, architects and developers have purchased the coverage to protect privileged business information about other high profile businesses. For instance, if McDonald’s has contracted with a local developer to build a new store, they may not want that information getting in the hands of competitors. Cyber policies can even include coverage for exposing protected business information.

My credit card processing company is responsible for notifying my customers if a data breach occurs. FALSE

This is something most insurance experts hear far too often and one of the biggest myths of them all. States have privacy data breach laws that require businesses to notify an individual when the business has breached a customer’s information. Think about it this way; if your business was not there to take the customer’s information, then it would have never ended up in any other system.

Let’s say the credit card processing company is hacked and all of your customer’s credit card information is stolen. The credit card processing company has a duty to notify their customers, i.e. your business and other businesses that use their services. Your company then has a duty to notify all of your customers until the affected customer has been notified. Some states require businesses to offer credit monitoring for up to three years after the incident. Notification duties fall on the entity initiating the transaction regardless of where information is then subsequently stored.

 

I have a small business; nobody cares to hack my data. FALSE

Most small businesses are more vulnerable than their larger counterparts simply due to the lack of money and man power available to thwart potential threats. Often times, the smaller businesses are contracted out by larger companies which usually do not have the proper controls in place. Take for example the following data breach: A 17-year-old high school student from the Ukraine created a malware program and infiltrated a refrigeration company’s IT system. The refrigeration company happened to be contracted about by Target Corp. (TGT: NYSE) to monitor the coolers in their stores. The malware program was able to bypass Target’s security system and hack 70 million customer records and 40 million credit cards.

 

There has been a steady increase in the amount of cyber extortion incidents. Hackers realize that the business’ information is most valuable to the business owner. So hackers are now holding computer systems/servers and company data hostage in exchange for ransom. In most cases, a cyber policy will cover the costs of this type of business extortion.

 

I can barely afford my current insurance policies; this is just another product I’m being sold. FALSE

Insurance professionals are held to the same ethical standards as any other profession. Except in most cases if an insurance professional fails to offer coverage, the agent’s E&O insurance could end up becoming the client’s missing liability policy. It’s important to understand the benefits of the cyber liability product before you check the ‘REJECT COVERAGE’ box. An average data breach event for a typical small business generating under $5M in revenues costs $65,000. The average cost of a cyber policy for the same business with $500,000 limits is around $750 annually. When comparing the two costs, it would take approximately 86 years at $750 annually to equal the cost of one potential data breach.

 

It can’t/won’t happen to me…FALSE, FALSE, and MORE FALSE

If you believe you have the best IT security system or that you will never be a victim of a data breach event, then you will mostly likely end up becoming part of the growing statistic: 60% of SMB’s that lose their data will shut down in 6 months. Even if you were able to afford the cost of the data breach, will your business sustain if you lose revenues due to a tarnished reputation. Target lost 46% of their revenue after the breach occurred due to customer mistrust. Could your business take a $65,000 hit in addition to losing more than 46% of revenues all in the same year and still survive?

 

Read: NY insurers, banks prepare for February cybersecurity deadline

 

Cyber security continues to be the largest growing threat to small and medium sized businesses year after year. As the environmental exposures around your business increase, so too should your protection. Many people still consider their General Liability policy or Business Owners Policy to be the ultimate form of protection. When your industry becomes the next target of data breaches, will it be you or your competitors who are better equipped to handle? Contact a Blankit professional so you can answer those questions confidently.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *