Data breaches pose one of the most pressing and potentially devastating risks to businesses across the globe.
The significant financial and reputational damage resulting from a hack can impact the entire business on an unprecedented scale. The problem is increasingly widespread in our hyper-connected world, and according to the Identity Theft Resource Center, 781 data breaches were recorded in the United States in 2015, the second most active year in the past decade.
These threats continue to grow at an exponential rate, and cybercriminals are becoming increasingly sophisticated in their methods of attack. Now more than ever, it’s imperative that businesses both large and small go on the offensive to safeguard the sensitive information of their employees, partners and customers by taking the proper preventive measures and implementing a comprehensive Cyber liability insurance policy.
The term “Cyber liability” insurance is somewhat of a misnomer because people tend to equate the word “cyber” with a technological hacking event. However, a more appropriate name for the policy would be “privacy liability,” because the scope of coverage includes the loss of private information through almost any process of theft, not just virtual.
While the widely known tactics of hacking, skimming and phishing were the leading causes of data breaches in 2015, nearly 50% of total data breaches last year were the result of employee error, improper disposal of documents, lost equipment and other non-technological failures.
The costs of not securing adequate protection could be devastating to a business. In fact, the Ponemon Institute’s 2015 Cost of Data Breach Study concluded that data breaches on average leave companies on the hook for $3.79 million in damages per incident, but depending on the cause of the data breach, this number can be even higher.
Hackers are relentless
Contrary to what most might believe, data breaches can, and likely will happen in the life of a business. Hackers are relentless, and their means of acquiring sensitive information are dynamic and constantly evolving. Although reaching out to an insurance broker about Cyber liability coverage is an important first step, there are other specialists that can help as well. It is imperative that business owners ensure they purchase a comprehensive cyber insurance policy that includes the following coverages before signing on the dotted line.
Here are five key aspects of a policy to keep in mind:
Legal advice is critical to making sure the company is in compliance with any regulations. Choose a firm that has previous experience with Cyber liability. (Photo: Shutterstock)
1. Forensics and legal
When a breach occurs, the first step is to hire a forensics and legal team to determine the size and scope of the breach and provide advice on how to comply with the law.
These costs are the most frequently exhausted limits in a policy, so it is important to assure that limits of liability offered by insurance carriers for such coverage are adequate.
Public relations professionals can help a company craft a compelling message for each of the company's audiences. (Photo: Shutterstock)
2. Public relations
Warren Buffet once said, “It takes 20 years to build a reputation and five minutes to ruin it.”
If a network security data breach occurs, it is important to hire a public relations team to help mitigate reputational risk associated with the breach.
Damage from a breach can continue months after a cyber event. Offering credit-monitoring services help affected customers track any changes to their accounts. (Photo: iStock)
3. Notification costs and credit monitoring
Costs associated with informing customers of a data breach are often overlooked.
In fact, 47 states now have breach notification requirements that force companies to inform affected individuals of a data breach in a timely manner. It’s also become standard to offer free credit-monitoring services for at least 12 months following the incident.
Businesses will likely need to set up a phone line or even a new website to provide affected individuals with answers to frequently asked questions. All of these damage control strategies require capital up front, and proper insurance benefits could make or break the success of the company’s response.
A cyber event can shut down websites, cash registers and prevent access to critical records, resulting in lost sales and clients. (Photo: iStock)
4. Business interruption coverage
Network security failure often leads to unforeseen business disruptions.
These interruptions sometimes come in the form of distributed denial of service attacks, which are often accompanied by a malicious party overloading company websites with requests.
After gaining access to a network, cybercriminals can also delete critical flies or add malicious software that causes systems to malfunction or fail. Business interruptions wreak havoc on day-to-day operations and lead to missed business opportunities, disgruntled customers and additional financial losses.
As cyber attacks on medical facilities increase, hackers holding the information for ransom are demanding payment in bitcoin because they are untraceable. (Photo: iStock)
5. Cyber extortion coverage
Clever cyber criminals are getting creative in how they monetize a data breach.
Earlier this year, the Hollywood Presbyterian Medical Center paid $17,000 in ransom to regain control of their internal servers that had been taken hostage.
This wasn’t the first or last time we’ve seen control of a hospital’s servers taken over by hackers in 2016. Extortion coverage also helps cover the costs associated with the investigation of threats to commit cyberattacks and for payments to extortionists who threaten to obtain and disclose sensitive information. Make sure the company is covered in the event of this typically unexpected scenario.
In the end, the success of a company’s fight against cyber crime is ultimately defined by its preparation. Encryption of mobile devices and computer systems is essential, as well as employee training and education. Occasional vulnerability tests to identify areas of weakness when it comes to an existing cybersecurity infrastructure are mandatory. Taking the proper protective measures are important to help prevent a network security data breach, but when all else fails, it is equally important that you have a comprehensive Cyber liability insurance policy in place to cover you for any liability associated with a breach.
Harris Tsangaris is the managing director of New York City-based NFP Property & Casualty.