Is Your Business Covered for Cyber Attacks?
The risks of doing business in the online world are growing by the day. It seems every other week, we hear about another major organization that has suffered from a data breach. In fact, it seems even the political parties cannot seem to keep their sensitive data protected from security breaches. If organizations with multi-million dollar budgets are not secure from online threats, it is safe to assume that none of us are totally protected.
I have business liability insurance, so I’m already covered, right?
There is a common misconception that your garden variety business liability insurance policy will cover a cyber-attack. This is simply not the case. In today’s digital age, information moves at such a rapid pace, and the online landscape is continually evolving. This makes it highly challenging for business insurers to underwrite cyber-coverage into their standard liability policies. There may be a rider available that can be added to this type of policy, and that is definitely worth inquiring about, but do not assume you are automatically covered, because it is almost certain you are not.
I am not a bank or financial institution, so cyber criminals will probably not target me, right?
Wrong. Regardless of the size of your company and the type of business you do, if you have a website that has any kind of online visibility at all, you are likely to be targeted. And even if you are not in the financial services industry, you may still accept online payments for your products or services. Beyond that, you may also have customer/client lists you keep in a cloud somewhere that have personal information cyber criminals can use to target those you do business with. The bottom line is every business with a digital presence will probably be attacked at some point; and when that happens, hopefully your security is sufficient to prevent a breach. But as we have seen with some of the bigger players, this is a lot easier said than done.
My online transactions are handled by a third party, am I still responsible for data breaches?
Unfortunately, the answer to that is yes, you may be. Though the third party is in charge of securing their system to prevent a breach, you are ultimately responsible if the personal information of one of your customers is compromised. So for example, if you use a payment system such as PayPal and their systems are broken into, both you and PayPal could end up being responsible if cyber-thieves steal your customers’ financial data.
My IT guys are in charge of my security, so they will keep on top of everything, right?
Maybe. But keep in mind that major companies who spend millions of dollars on cyber security still have their systems broken into sometimes. And these companies typically employ several dedicated IT professionals who are charged with monitoring their systems 24/7. Most small businesses cannot afford this level of dedicated support. More likely, you might have one or two IT people in-house, or an outside firm that monitors the systems for you and several other clients. Even if your people are the best in the business, you still cannot expect them to be on top of everything all the time.
I want to know more about cyber insurance, but where do I start?
Cyber insurance is a relatively new and evolving product. As mentioned previously, many standard business insurers are hesitant to underwrite it. The best place to start is to speak with an independent business insurance broker. Independent agents work with several of the top insurance carriers in your state. And since they are not captive to any one insurer, they are able to do the shopping for you and find the policy that best fits your specific needs and budget.