Less than 37 percent of small business owners feel they have adequate cyber liability insurance protection, according to a new study conducted by The Hanover Insurance Group, Inc., and Forbes Insights.
The National Association of Insurance Commissioners (NAIC) has identified the main cyber risks as:
• Identity theft from security breaches of sensitive information when stolen by a hacker or
inadvertently disclosed, including Social Security numbers, credit card numbers, employee
identification numbers, drivers’ license numbers, birth dates and PIN numbers.
• Business interruption from a hacker shutting down a network.
• Damage to the firm’s reputation.
• Costs associated with damage to data records caused by a hacker.
• Theft of valuable digital assets, including customer lists, business trade secrets and other similar electronic business assets.
• Introduction of malware, worms and other malicious computer code.
• Human error leading to inadvertent disclosure of sensitive information, such as an email from an employee to unintended recipients containing sensitive business information or personal
• The cost of credit monitoring services for people impacted by a security breach.
• Lawsuits alleging trademark or copyright infringement.
Cyber Risk Management
The primary defense against cybersecurity loss is a well-designed and conscientiously maintained risk management program. The first step in such a program is to identify your firm’s vulnerabilities, including systems, procedures, programming and personnel. The next step is to control those vulnerabilities as much as possible.
Here is a short, practical checklist:
1. Make sure all company computers have the latest security software, web browsers and operating systems to protect against viruses, malware and other online threats.
2. Turn on automatic software updates, if that’s an option. Many updates specifically address known security risks.
3. Scan all new devices, including USB devices, before they are attached to the network.
4. Use a firewall to keep criminals out and sensitive data in.
5. Use spam filters. Spam can carry malicious software and phishing scams, some aimed directly at businesses.
7. Know what Personally Identifiable Information (PII) you’re storing on your customers, including where you store it, how you use it, who can access it, and how you protect it. Delete any unneeded information.
No matter what firewalls, software and authentication protocols you’ve installed, your cybersecurity system is vulnerable if you’re not educating your employees on avoiding risky behavior online. The Workplace Security Risk Calculator, available free at https://bit.ly/2JOFGgL, lets your employees gauge the level of risk their online behaviors pose. You can get more good advice from the National Cyber Security Alliance, a nonprofit public/private alliance that fosters cybersecurity and privacy for individuals and businesses. Check out their website at https://staysafeonline.org.
Cyber Liability Insurance Policies
Even with a cybersecurity plan in place, your business still needs a failsafe to protect it against cyber risk. Currently, most standard commercial lines policies do not provide coverage for cyber risks. You need a special cyber liability policy. Due to the lack of actuarial data, however, it’s difficult to price. Insurers deal with this by evaluating each insured according to its risk management procedures and risk culture. As a result, cyber risk coverages are more customized and, therefore, more costly.
The type and cost of cyber liability coverage offered by insurers is based on the type of business, its size and geographical scope, the number of customers it serves, its web presence, the type of data it collects and stores and other factors, including its risk management and disaster response plan.
Cyber liability policies might include one or more of the following types of coverage, according to the National Association of Insurance Commissioners:
• Liability for security or privacy breaches. This would include loss of confidential information by allowing, or failing to prevent, unauthorized access to computer systems.
• The costs associated with a privacy breach, such as consumer notification, customer support and costs of providing credit monitoring services to affected consumers.
• The costs associated with restoring, updating or replacing business assets stored electronically.
• Business interruption and extra expense related to a security or privacy breach.
• Liability associated with libel, slander, copyright infringement, product disparagement or reputational damage to others when the allegations involve a business website, social media or print media.
• Expenses related to cyber extortion or cyber terrorism.
For more information about cybersecurity insurance, please contact us.