These days it seems there's a new story every day about a successful or attempted cyber attack. This activity continues to be among the world’s fastest growing criminal threats, and poses a challenging decision for companies considering adoption of the “bring your own device” (BYOD) trend in which employees use their personal mobile devices such as tablets, phones, and laptops to conduct company business.
Allowing employees to use personal devices has both benefits and drawbacks, particularly in industries such as insurance where many employees are traveling, out in the field and carry sensitive information. On the one hand, allowing the use of personal devices for work can be cost effective, efficient and streamline employees’ access to information. On the other, it may create several potential challenges and risks.
This provides an opportunity for agents and brokers to help clients protect themselves against these risks by advising on the proper insurance, combined with a smart risk management strategy to protect against the exposures associated with the BYOD trend.
Knowing & Managing the Risks
There are a variety of benefits to companies that allow employees to use their own devices for work purposes, each of which can help impact the bottom line. First, allowing employees to use their personal phones, laptops and tablets eliminates a potential cost to the company: The organization does not need to provide these items to employees who are traveling, regularly in meetings, or working remotely. Additionally, this ability to stay connected creates higher productivity and makes it easy to stay on top of work and important issues despite being away from the office.
Being able to use personal devices also supports better customer service, as employees are enabled to respond to client needs in real time.
The threat of cyber crime is a reality all companies face today, regardless of whether or not an organization has embraced BYOD. Cyber criminals can get through a company’s firewalls, send viruses and hack into company-wide or individual accounts. However, organizations can put certain protections in place to minimize the likelihood of breach and monitor those protections closely. With personal devices, however, companies have significantly less control over how or where the device is used and lack the oversight that exists with in-office technology.
That lack of oversight can translate into increased likelihood of personal mobile devices being hacked. Typically, companies will require employees to use sophisticated passwords and will ensure any confidential information is also kept secure by password protection and limited access.
Employees today are also commonly storing information in their personal cloud to access it from their mobile device. According to data from network security firm Fortinet, 89 percent of young workers have personal cloud storage. Seventy percent of those individuals use that storage for work-related files, and 33 percent store customer data on their personal cloud, allowing them to gain access to it from their mobile devices.
Hacking and viruses aside, an equally damaging threat is simple theft. Roughly 1 in 3 robberies in the U.S. involve mobile phones, according to the FCC. Laptops and tablets are also frequent targets for criminals. Once a criminal has a physical device, any information contained within it–or available through it–is at risk of exposure.
When criminals secure confidential information, it puts the company at risk for not only corporate data and information being exposed, but also for clients’ personal information to be comprised or stolen, allowing criminals to potentially commit identity theft.
Supplying a series of best practices for employees who choose to use their own devices can be one way to help manage exposures. Simple steps, such as enabling auto-lock on devices, adopting passwords that combine letters, numbers and symbols and ensuring employees keep the devices in a safe place at all times can go a long way in minimizing risks for hacking and theft. In addition, requiring employees to engage with the corporate IT department can help them not only understand the exposures their mobile devices present, but will also give them the resources they need to put the best possible protections in place.
In the event a laptop is stolen, a phone misplaced, or an account hacked, cyber risk insurance policies can serve as a safety net. From providing the resources needed to stop and investigate an incident to delivering necessary financial support, cyber risk coverage can help companies minimize both their financial and reputational risks.
The Key to Selling Cyber: Custom-Tailored Solutions
Cyber liability policies can cover a range of costs associated with data and computer security breaches, including, legal and regulatory defense costs, fines and penalties, breach notification expenses, legal assistance to help manage a breach as well computer forensics to determine the scope of a breach. Additionally, some cyber polices will also include coverage options for business interruption expenses related to cyber events, cyber extortion expenses, data restoration costs as well as media liability coverage. To offer clients the best cyber solutions, it is important that agents partner with insurers that offer specialized cyber coverages and expertise, combined with a variety of tools to help insured manage their risks.
Today, cyber coverages address a wide range of risks associated with different sizes and types of businesses. The best insurers will offer flexible solutions that include standalone policies for mid-sized to Fortune 500 companies or as an add on to other policies, for smaller companies buying a Business Owners Policy. The best policies offer tailored industry solutions for organizations with unique risks such as financial institutions and technology companies.
Unlike other policies, in addition to a risk manager, producers may need to speak with a broad range of executives at a company to help them understand that cyber coverage can help to minimize both their financial and reputational risks, including a chief technology officer.
By highlighting risk management trends such as the challenges and benefits of BYOD, producers will help add value to clients and potential clients, positioning themselves as true risk professionals that can help institute best practices and manage exposures.
Timothy C. Francis is Second Vice President for Travelers Bond & Financial Products in Hartford, Conn. Francis leads Travelers’ Business Insurance Management and Professional Liability initiatives and serves as Enterprise lead for Cyber Insurance. Contact him at firstname.lastname@example.org.