Cyber Liability Insurance for Small Businesses

Is cyber insurance a major concern for your business?  Maybe you don’t think your company is a potential target for cyberattacks.  As businesses become more connected through internet-connected solutions and remotely accessible systems, the opportunities for a cyberattack grow.

 

Cyber criminals have realized that many different industries have access to proprietary & employee information, rely heavily on their network & electronic data, and will pay ransoms to regain access to their systems.  Information such as employee records, customer lists, bid data, contracts, financial records and a multitude of other data is stored on their servers or those of the service providers and vendors they contract with. Ransomware attacks have been wreaking havoc across the industry, and most businesses don’t know that there are laws and regulations that must be followed in the event of a cyberattack.

 

Many states, including Kentucky and Tennessee, have enacted data breach notification laws that apply to companies in the event of a data breach.  Without a breach response plan, these requirements are virtually impossible to comply with.  A company’s failure to comply with state notification laws can result in costly litigation, fines, the loss of client business, and reputational harm.

 

The “it won’t happen to me” attitude is slowly fading as businesses are forced to close their doors due to the costs associated with a data breach.  Cyber liability coverage is a necessary risk transfer tool that needs to be discussed.

What Cyber Exposure Do You Have?

Let’s say you receive a notification in the mail that your third-party provider has suffered a breach and that some of your customer and employee information was compromised.  You read the letter and throw it away, thinking it does not apply to you.  A month later you are hit with federal fines and penalties for failure to notify your customers and employees that their information had been compromised.  Even though you did not directly suffer the breach, you are still required by law to notify.

Or say that on the first Tuesday of every month you send checks to vendors.  Just like any other Tuesday, you receive an email with an invoice for last month.  As always, you transfer the funds directly into their online account.  The next day you receive another email stating that the funds had been sent to a closed account and directing you to make a new payment to a different online account.  You resend the money to the new account and call to make sure the payment was received.  They tell you they received the original payment yesterday and had not sent a second request.  You realize you have been scammed and immediately try to cancel the online payment, but it has already gone to an undisclosed account, never to be seen again.

The above situations are real-life claim examples that I see on a daily basis.  Your business is in the crosshairs and you need to understand the risk.

Think You Already Have Coverage? Probably Not

In your General Liability and Property forms, there are exclusions when a breach occurs.  There are exclusions for claims of copyright and trademark infringement.  Property coverage will protect your physical computers, but not the data that is stored on them. (Lost data can be costlier than the computer itself!)  Not all “cyber policies” are the same, even if you have coverage in place. Do you know if you have the correct coverage?

Prevalent Examples of Exposures

1. Ransomware/Cyber Extortion

A company’s files & data are held hostage unless a ransom is paid, frequently in the form of Bitcoin.  Any business using email is susceptible to a ransomware attack.  Increasing email communication amongst contractors with their employees, clients, and suppliers makes this an even greater threat.  Cyber insurance policies provide coverage for legal assistance, IT forensics, and extortion payments (even procuring Bitcoin) when a ransomware attack hits.  And if your data is lost in the process, these cyber insurance policies can provide the funds & expertise to help restore it.

2. Social Engineering & Funds Transfer Fraud

Social engineering attacks occur when hackers purporting to be clients, employees, or third parties deceive you or your employees via phone or electronic communication into sending money to a fraudulent account.  Any business that sends funds via telephone or electronically would be susceptible.  Funds transfer fraud is similar, except hackers gain access to your network and send instructions to the bank (pretending to be you) to wire money to fraudulent accounts, without your knowledge or consent.

3. Business Interruption & Dependent Business Interruption

Business Interruption:  If your business was unable to operate normally due to a cyber breach, how would you restore the income lost during that period?  Cyber policies provide coverage to reimburse a business for lost income during an extended outage, along with the costs to repair any damaged or destroyed data in the process.

Dependent Business Interruption:  Businesses are increasingly using cloud-based storage and design platforms to help manage day-to-day operations.  What happens when the platform suffers a breach, their system goes down, and you can’t access your management software for an extended period?  Dependent business interruption coverage can reimburse you for lost income if a third party you rely upon to operate your business is inoperable due to a network security intrusion.

As companies increasingly rely on technology to perform more day-to-day tasks, and as technology continues to shape the way business is done, the need for cyber insurance will only increase.  Having a better understanding of the exposure and how you can protect your organization through insurance and risk mitigation practices is the first step to insuring against a catastrophic loss that could damage or destroy your business.

Joe Davis is the Director of Cyber Liability for Houchens Insurance Group.  His focus is the development and implementation of Risk Management Programs for Cyber Liability exposures.  Joe advises on best practices and reviews carrier forms to negotiate enhancements and endorsements.  He works within various industries, including finance, retail, healthcare, education, construction and manufacturing, to identify risk factors and assist in incident response processes.  He earned his J.D. degree from Nashville School of Law.

This article was written by Joe Davis.

 
