Clarke & Sampson Blog

Cyber Breach Scenarios - The Threat is Real (and It's Scary)

Dan Yokoyama | Monday, November 23, 2020

As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.

In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.

It's important that business owners acknowledge that cybercrime is an issue and that it can affect businesses ranging anywhere from small, single-proprietorships to enterprise-level organizations. One of the most common mistakes is to avoid dealing with this growing and pervasive threat. Most small to medium-sized businesses likely do not have the resources to deal with or recover from a serious data breach on their own. It's important to consider transferring some of this business risk through implementation of a robust Cyber Insurance program. Where a business has cyber insurance coverage, a carrier that has both the resources and the expertise to deal with a cyber event will be able to assist an insured in dealing with any potential incidents.

I'm often asked to provide scenarios where Cyber Insurance may be the deciding factor for whether or not companies are able to recover from otherwise potentially disastrous cyber breach/cyber crime events. These are a couple of examples that hopefully shed some light on the protections that cyber coverage could provide.

Claims Scenario: Outsourcing Gone Wrong

The company: A national construction company that outsources some of its cyber security protections

The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach. How many other businesses do you know that outsource their data storage/management to a third-party cloud service provider? It's more than likely that this company would have their own coverages, but what happens if their cyber insurance limits aren't enough to cover a catastrophic data breach? Having one's own dedicated coverage limits and resources may quickly become critical as well.

As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.

Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms that forgo coverage. Oftentimes, businesses are also responsible for setting up call centers, credit monitoring services, and client notifications for the benefit of their clients once a data breach has occurred. Business owners must ask themselves whether their business is prepared to take on this task on its own.

What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response. Oftentimes, prospective insureds will fail to realize that a key component of their insurance coverage is the legal services/defense that a carrier will provide should a cyber event occur. This expense is not one to be lightly discounted.

 

Claims Scenario: Pardon the Interruption

The company: An online retail store that relies heavily on e-commerce

The challenge: A small online retailer partnered with a data center to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.

Unfortunately, the data center was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime were over $165,000.

Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.

Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies can offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses. It is also possible to obtain coverage for other common cyber crime events such as "bricking" and ransomware attacks.

Please keep in mind that there are many nuances to cyber coverages and differences between coverage offerings, since it is a rapidly evolving segment of the insurance markets. It's common to see new features and coverages being offered by any number of carriers as they attempt to keep pace with the growing needs of the marketplace. If you're thinking about whether or not you need cyber coverage, it's a good indication that you do. Please also note that cyber insurance will never replace good cyber/data security practices and prevention measures for your day-to-day operations!