WHAT IS CYBER INSURANCE?
Cyber Insurance is an insurance policy that protects your business from losses resulting from a cyber event that causes harm to either the business itself, third parties, or both. These events include data breaches due to hackers actively trying to gain access to a database, unintentional malware, user error, cyber extortion, misuse of a website, and/or intellectual property infringement. Cyber insurance covers both first- and third-party damages up to a certain limit, and in rare cases these policies include no retroactive date, which means coverage is valid to the first day of business, not the first day of the policy. This is important because most breaches aren’t discovered for weeks, months, or even years after they have occurred. ECBM is proud to say that it is one of a small group of brokers who have access to no-retroactive-date cyber insurance policies.
To learn more about what types of damages and expenses a Cyber Insurance policy covers in the event of a security breach, click here.
DID YOU KNOW?
Liability for loss of customer or employee data is not typically covered under a corporate insurance policy. Some existing business insurance policies that offer general liability may provide a measure of coverage for those areas; however, most CEOs discover significant gaps in what is and what isn’t covered after an attack.
A cyber incident will not only bring financial loss, but will do significant damage to the reputation of a company. Companies know they have exposures, but they are uncertain of the specific exposures they face. An IT department cannot be the sole source for defending against cyber risk.
WE ARE ALL AT RISK
A recent study by the U.S. Secret Service and Verizon Communications found that 72% of all data breaches it studied occurred within small businesses. A survey last year of executives at 500 U.S. companies of varying sizes found that 76% had had a cyber security incident within the past 12 months resulting in the loss of money, data, intellectual property or the ability to conduct day-to-day business, according to the Computing Technology Industry Association, an information-technology industry trade group. About half of those cases were described by the businesses as “serious”.
To learn more about how your specific industry is at risk, click here.
BREACHES ARE EXPENSIVE
Most businesses assume that the only costs associated with a cyber attack are those that involve finding and fixing the breach. Unfortunately, they are unaware of the multitude of fines, penalties, and damages that result when customers’ data is compromised.
According to the Ponemon Institute’s Cost of a Data Breach study, the average notification cost to US businesses is approximately $509,237. Smaller businesses experience a notification cost of approximately $10-$37 per record, depending on the speed of the notification.
The federal government requires businesses to notify their customers of a security breach if personal information is compromised. Every state has its own law, which can be found here.
Failure to notify according to state laws can result in fines and penalties, some of which can total in the millions of dollars.
DETECTION AND ESCALATION COSTS
According to the Ponemon Institute’s Cost of a Data Breach study, the average detection and escalation costs total approximately $417,700. These costs usually involve forensic and investigative activities, assessment and audit services, crisis team management, and communications to executive management and the board of directors.
CREDIT MONITORING SERVICES
In the aftermath of a data breach, retail stores and organizations are offering their affected customers credit monitoring services free of charge, partly to save face and reestablish trust with the public, but mostly to reduce the amount of civil damages that result from stolen identities. Credit monitoring is estimated to cost between $8 and $10 per record.
In October, the state of California signed a law that requires businesses affected by a data breach to offer their customers credit monitoring services for no less than 12 months. This makes California the first state requiring this type of mitigation, and as California goes, the rest of the country can look forward to this law passing in other states.
OTHER POST-BREACH COSTS
If your business is out of commission as a result of a data breach, lost revenue can add up quickly. Every minute spent identifying and fixing a breach is lost revenue. A cyber insurance policy will reimburse you for this.
PUBLIC RELATIONS AND DAMAGE CONTROL
Depending on the size of the breach, your business may be required by law to report it to the media, and thus to employ an outside public relations agency to assuage the public’s anxiety over potential identity theft. Public relations services average in the multiple thousands of dollars per month. A cyber insurance policy will pay for these costs.
Depending on your state and the size of the breach, the government can audit your business’s IT policies and procedures and levy fines and penalties based on the egregiousness of the error. A cyber insurance policy will pay for these fines and penalties. To read actual cases and resolution agreements, click here.
Money spent on legal services during the course of and in the aftermath of a data breach is covered by a cyber insurance policy.