CYBER INSURANCE

 

A RECENT SURVEY BY CHUBB GROUP OF INSURANCE COMPANIES FOUND THAT 65% OF COMPANIES FORGO CYBER INSURANCE, EVEN THOUGH THEY IDENTIFY CYBER RISK AS THEIR NUMBER ONE CONCERN.

 

 

WHAT IS CYBER INSURANCE?

 

Cyber Insurance is an insurance policy that protects your business from losses resulting from a cyber event that causes harm to the business itself, third parties, or both. These events include data breaches due to hackers actively trying to gain access to a database, unintentional malware, user error, cyber extortion, misuse of website and/or intellectual property infringement. Cyber insurance covers both first- and third-party damages up to a certain limit, and in rare cases these policies include no retroactive date, which means coverage is valid to the first day of business, not the first day of the policy. This is important because most breaches aren’t discovered for weeks, months, or even years after they have occurred. ECBM is proud to say that it is one of a small group of brokers that have access to no retroactive date cyber insurance policies.

 

To learn more about what types of damages and expenses a Cyber Insurance policy covers in the event of a security breach, click here.

 

DID YOU KNOW?

 

Liability for loss of customer or employee data is not typically covered under a corporate insurance policy. Some existing business insurance policies that offer general liability may provide a measure of coverage for those areas; however, most CEOs discover significant gaps in what is and what isn’t covered after an attack.

A cyber incident will not only bring financial loss, but will do significant damage to the reputation of a company. Companies know they have exposures, but they are uncertain of the specific exposures they face. An IT department cannot be the sole source for defending against cyber risk.

 

 

WE ARE ALL AT RISK

 

A recent study by the U.S. Secret Service and Verizon Communications found that 72% of all data breaches it studied occurred within small businesses. A survey last year of executives at 500 U.S. companies of varying sizes found that 76% had had a cyber security incident within the past 12 months resulting in the loss of money, data, intellectual property or the ability to conduct day-to-day business, according to the Computing Technology Industry Association, an information-technology industry trade group. About half of those cases were described by the businesses as “serious”.

To learn more about how your specific industry is at risk, click here.

 

BREACHES ARE EXPENSIVE

Most businesses assume that the only costs associated with a cyber attack are those that involve finding and fixing the breach. Unfortunately, they are unaware of the multitude of fines, penalties, and damages that result when customers’ data is compromised.

 

NOTIFICATION EXPENSES

According to the Ponemon Institute’s Cost of a Data Breach study, the average notification cost to US businesses is approximately $509,237. Smaller businesses experience a notification cost of approximately $10-$37 per record, depending on the speed of the notification.

The federal government requires businesses to notify their customers of a security breach if personal information is compromised. Every state has its own law, which can be found here.

Failure to notify according to state laws can result in fines and penalties, some of which can total in the millions of dollars.

 

 

HACKERS AREN’T THE ONLY THREAT

Sometimes hackers aren’t your biggest worry. Even the simplest of errors can throw your organization into a tailspin.

THEFT OF LAPTOPS, SMARTPHONES, OR PHYSICAL DATA FILES = BREACH

LOSS OF DEVICES CONTAINING SENSITIVE INFORMATION = BREACH

INADVERTENT ERASING OF DATA BY SUBCONTRACTORS = BREACH

UNAUTHORIZED PERSONNEL HAVING ACCESS TO DATA = BREACH

IMPROPER DISPOSAL OF SENSITIVE INFORMATION = BREACH

VIRUSES DOWNLOADED THROUGH EMAIL OR SMARTPHONE APP = BREACH

 

 

DETECTION AND ESCALATION COSTS

According to the Ponemon Institute’s Cost of a Data Breach study, the average detection and escalation costs total approximately $417,700. These costs usually involve forensic and investigative activities, assessment and audit services, crisis team management, and communications to executive management and the board of directors.

 

CREDIT MONITORING SERVICES

In the aftermath of a data breach, retail stores and organizations are offering their affected customers credit monitoring services free of charge, partly to save face and reestablish trust with the public, but mostly to reduce the number of civil damages that result from stolen identities. Credit monitoring is estimated to cost between $8-$10/record.

In October, the state of California signed a law that requires businesses affected by a data breach to offer their customers credit monitoring services for no less than 12 months. This makes California the first state requiring this type of mitigation, and as California goes, the rest of the country can look forward to this law passing in other states.

 

OTHER POST-BREACH COSTS

 

LOST REVENUES

If your business is out of commission as a result of a data breach, lost revenue can add up quickly. Every minute spent identifying and fixing a breach is lost revenue. A cyber insurance policy will reimburse you for this.

PUBLIC RELATIONS AND DAMAGE CONTROL

Depending on the size of the breach, your business by law may have to report it to the media, and thus employ the use of an outside public relations agency to assuage the public’s anxiety over potential identity theft. Public relations services average in the multiple thousands of dollars per month. A cyber insurance policy will pay for these costs.

REGULATORY INTERVENTIONS

Depending on your state and the size of the breach, the government can audit your business’s IT policies and procedures and levy fines and penalties based on the egregiousness of the error. A cyber insurance policy will pay for these fines and penalties. To read actual cases and resolution agreements, click here.

$10M Fine Proposed Against TerraCom and YourTel for Privacy Breaches

LEGAL EXPENSES

Money spent on legal services during the course of and in the aftermath of a data breach is covered by a cyber insurance policy.