Mind The Gap: Cyber Breaches Are Expensive, Exposures Wide

After digesting these alarming statistics, a risk manager must recognize the range of exposures a company has from both first- and third-party sources that put it at risk for litigation.

A rogue employee posting on a blog, social-media page or discussion forum, for example, can make your company liable for slander or defamation. Customers' personal and financial information that sits on your servers or at a data site can be an easy target for hackers to swipe valuable data.

What's more, if you have a website with any content, your company can be targeted for violating copyright or intellectual property laws.

Even the simple mistake of a company laptop left in a taxi can launch a long and costly nightmare involving theft or extortion. Exponentially exceeding the hardware replacement, the average cost of lost data from a single laptop is $49,246, according to a survey conducted by the Ponemon Institute.

INSIDE JOB OR GLOBAL SYNDICATE

A hostile cyber act can come from anyone with malicious intent. In fact, a surprisingly large number of data breaches—over half by some estimates—are carried out by insiders.

Combine this with the fact that a perpetrator could live halfway around the globe, and that cyber criminals operate worldwide 24/7, and the omnipresence of cyber threats from multiple sources must be acknowledged.

And there's more. Lost time and business are compounded by costs for data restoration plus the expense of complying with federal regulations requiring customer notification. In addition, every state except Alabama, Kentucky, New Mexico and South Dakota has its own cyber-liability statutes.

Besides penalties, notification can entail printing, mailing, telephone costs and worse: loss of customer business and confidence—and serious damage to your good name.

ASSESS YOUR EXPOSURE

No matter the size of your company or the scope of your business, you'll want to put a team together to understand your exposures.

Successful risk assessments require full support of senior management and should be conducted by teams that include both functional managers and information- technology administrators. You may or may not need to hire outside parties, such as legal or IT experts, but your insurance broker always should be involved in helping you with your risk assessment.

With your team in place, start by thoroughly assessing all exposures. From password protection to employee access to third-party suppliers, a thorough analysis of every facet of your business's cyber presence needs to be examined.

COVERAGE & COSTS

While most standard business insurance policies include general liability, there is often no coverage for third-party vendors or unidentified cyber attacks.

The good news is that specific cyber-liability insurance is affordable. A typical $100,000 policy for a small business costs between $1,000 and $1,500 annually. The policies can cover everything from hiring outside personnel to helping reconstitute data to the public-relations expenses needed to repair a damaged reputation.

While some carriers add only minimal coverages to policies, there is a blooming market of carriers taking a very proactive approach and offering comprehensive standalone coverages. The risk manager or broker can find a carrier willing to offer expansive coverages to meet the risk manager's needs.

Many experts believe cyber-liability insurance will become the norm for businesses. As more players enter the market to meet growing demand for this coverage, the industry will be able to provide more comprehensive policies with fewer exclusions.