Cyber Security Insurance

Cyber Security Insurance 101—What is it and Do I really need it?
By Lori Linville Cobb CPCU,CIC,CSRM

Unfortunately, data breaches and other cybercrimes are becoming far too common. In the past couple years, data breaches have resulted in major fines and legal fees - not to mention headaches - for a discount retail chain, one of the nation's largest banks, a well-known health insurer, an entertainment network, and the federal government. And like me, it's highly possible you have personally been a part of one of these data breaches! They are infuriating and very unsettling to those compromised.
But it's not just large organizations that are susceptible to being hacked or getting a virus. We mistakenly assume that because a business is "small" it isn't a target, that cyber criminals only go after big business-fortune 500 companies. In fact, it's just the opposite!

Do I need Cyber Insurance? The simple answer is probably yes!! Does your business accept credit cards or other forms of digital payment? Use computers or mobile devices? Keep medical or financial data? Store confidential personal information? If you answered "yes" to any of these, you are a target for a data breach. Cyber insurance is a good way to protect yourself. Did you know that 55% of small businesses have experienced a data breach and that 53% have had multiple breaches? Cyber-attacks are common, and no business of any size is immune from them. A data breach can damage more than just your small-business computer system - it can also damage your reputation and put your customers and/or employees at risk. Remember when I mentioned earlier how infuriated I was when I was caught up on a breach? Your clients will blame you for not adequately protecting their information.
Cyber Insurance-There are a couple of options for getting cyber insurance. In many instances, you can add a minimum amount to your current business policy if your company offers the coverage or get a separate policy that offers higher limits and broader coverage.
Here is what a typical cyber security policy will cover.

Besides legal fees and expenses, cyber insurance typically helps with:

•Notifying customers about a data breach

•Restoring personal identities of affected customers

•Recovering compromised data

•Repairing damaged computer systems

•Cyber Extortion

Most states require companies to notify customers of a data breach involving personally identifiable information- a process that can be very expensive. And, very overwhelming if you don't even know where to start. Not all states require companies to offer free credit monitoring following a breach but doing so goes a long way with public relations.

Other parts of cyber security protection that is available:
Breach cost: Covers costs associated with responding to a breach, such as forensic costs to confirm and identify the breach, costs to notify affected individuals, credit protection services, etc. Did you know the federal government has a long list of requirements that you have to adhere to if you've had a breach? This will check off those boxes.
Cyber Extortion: Covers costs and financial payments associated with network-based ransom demands. With the proliferation of ransomware and anonymous currencies such as Bitcoin, network extortion demands are on the rise. In the digital world, intangible assets are
'kidnapped' and used to extort individuals through threats to shut down a system or divulge sensitive or proprietary information if a ransom is not paid
Cyber Crime: Covers financial losses associated with social engineering, reverse social engineering, and funds transfer fraud. Social engineering is when someone uses electronic means to impersonate your client, vendor, or employee to deceive your company into transferring or delivering financial assets. Reverse social engineering is when a cybercriminal uses your computer system to deceive your client or vendor into transferring money intended for you to another person or entity.
Business Interruption: Covers lost business income when a company has its network-dependent revenue interrupted. Technology growth has created new business income perils, such as viruses, tech failures, programming errors, and computer hacking, so cyber coverage is needed to pay for interruptions from these events as well.
Data Recovery: Covers costs to replace, restore, or repair damaged or destroyed data and software. In a digital world, property is no longer exclusively tangible, so cyber coverage is needed to pay for intangible data recovery costs.
Privacy Protection: Covers costs to defend and resolve claims regarding the handling of personally identifiable or confidential corporate information. Covers negligence, violation of privacy or consumer protection law, breach of contract and regulatory investigations. Covers issues resulting from the failure of network security, including the negligent transmission of a virus.
Sample Claims Scenarios—here is what could go wrong:

1.A business experienced a cyber-attack that compromised its servers. After hacking into the business' system, criminals used the contacts from the system to launch a ransomware attack against every email address in the insured's contacts. Several of the contacts filed lawsuits claiming the business failed to properly secure its system. Coverage was provided for the costs of hiring lawyers and to settle cases. Paid loss after deductible: $14,000.

2.While trying to balance the books, a business owner received a strange pop-up on his laptop. A ransomware virus locked the system until the extortion demand was paid. After consulting with the insurance carrier, the insured decided to pay the $600 to unlock the system. Paid loss after deductible: $2,400

3.An employee at a retail store's headquarters clicked on a link in a phishing email that appeared to come from a vendor partner. A cybercriminal gained access to the retailer's entire server, impacting its point-of-sale registers. The ransomware attack held the systems hostage, effectively stopping sales from being transacted, until ransom was paid. Paid loss over $25,000

4.unknown actor stole approximately 20 deal jackets from an auto dealership; all contained customers' personal identifying information. The insured provided breach notifications and credit monitoring services to affected individuals. Two customers subsequently made legal demands because of this breach. Paid loss after deductible:

$20,013.

5.The computer system of a business contains large amounts of data on its clients' analytics, including search engine optimization keywords, pay-per-click campaigns, customer databases, etc. The system's security services upgrade lapsed, leaving it more vulnerable to a data breach. The system is hacked, and the media firm is obligated to indemnify its clients for breach costs to notify impacted customers and lawsuits alleging negligence.

How much does it cost?
Well, it depends... but it's not as expensive as you might think. Some companies charge as little as $250 or less to add an endorsement to your current business policy. A separate policy with higher limits and broader coverage can start at around$600-$1000 depending on the size of your business. Cyber insurance is rated on sales/revenue, so the higher your sales, the higher your cost. Cyber quotes have come a long way. With your firm's sales, you can get a quote very quickly. If you have had breach issues in the past, the process will take longer. It's worth it to contact your agent and check on this valuable coverage. As always, we are here to help if you have any questions or need additional information.

Stay safe out there in cyber land!

Berea Office

Richmond Office

Leave a Comment: