Insurance Basics: Cyber Insurance
A data breach can damage more than just your business’s computer system – it also can damage your reputation and put your customers and/or employees at risk. Engaging with a cybersecurity firm that can help set up your business systems and do periodic testing is certainly a best practice, but even large organizations that spend millions each year on such security have breaches that occur. That's why cyber insurance can be a smart precaution for a business of any size.
Ask yourself the following questions:
- Are your computers connected to the Internet?
- Do you participate in online banking?
- Do you store customers' personal or financial data on computers at your business?
- Do you service or sell cars that hook up to the Internet? (You'd be surprised how many new ones do!)
- Do you have employees or customers that access your business Wi-Fi networks?
- Do you have employees that open email or access links using company-owned computers?
If the answer is yes to any of these, you are potentially exposed to cyber threats.
So, let's see what risks you're exposed to and then talk about what cyber liability insurance can do to help you recover if something does happen.
Attacks on Your Business
There are several types of attacks that can hit any business.
Ransomware – This is an attack in which intruders access your system and encrypt (or lock away behind a code) data that you need to run your business or personal life. These intruders typically ask for money in exchange for giving your data back, thus ransoming it. Some estimates say that there are over 4,000 attacks like this per day.
Denial-of-Service – This is an attack in which intruders overwhelm your system or website, causing it to crash repeatedly.
Malware – This is an attack in which a program is loaded onto your system without your knowledge, allowing intruders to steal information, gain access to systems, log passwords that you use on other sites, damage systems, or spread viruses.
Phishing – This is an attack in which malicious actors send email messages pretending to be a trusted person or entity attempting to manipulate a user to click an attachment or link that will download harmful programs onto your system or asks you to call or log in (stealing any sensitive information you may divulge).
Drive-by – This kind of attack hides on a questionable website and loads harmful programs onto any unprotected computer that accesses it (i.e. the close icon ‘X’ of a pop-up, a link in an email, etc.).
There are many more types of cyberattacks, but the aforementioned attacks are some of the common ways through which cybercriminals can slip between the cracks and gain access to your systems.
Now, let's look at what cyber criminals seek.
What is Stolen?
Hackers, intruders, thieves—whatever you want to call them, they are looking for something valuable. There are several kinds of information they are looking for, and the most common are:
- Customer Personal Records – Such as names, addresses, Social Security numbers, payment methods, or anything else they can sell to identity thieves.
- Financial Records – So they can take money directly from or charge items to your business.
- Security Information – This includes things like passwords, links, and other ways to access your business partners. Intruders may be looking not just for you but also for the big companies you buy from and do business with.
The problem is that this isn't a bank heist. Thieves don't just sneak in, steal cash, and leave, taking only one thing. They take information and money at the same time, and it can take time before any of the information that was stolen is actually used.
This breach of information leaves you wide open to lawsuits and other penalties because it is a business's responsibility to protect its data and the data of its customers.
How Secure Are You?
Sure, you provide Wi-Fi for your customers. You take pictures of things on your phone and email them to your business. As long as everything was set up correctly, that’s all normal and safe, right? You installed your modem, router, and other devices as instructed by the internet provider. The box with the blinking lights purportedly has a “firewall.”
Unfortunately, despite satisfying the typical requirements, the responsibility for cyber liability still falls on you. You have to make sure that your computers, Wi-Fi networks, and passwords are all safe from people who want to steal from you and your customers. The law holds you accountable for your Internet and network safety, and we recommend you consider performing periodic testing of your systems either yourself or using a third-party vendor. At a minimum, you want to ensure if you provide customers internet access that they are on a separate network and that your business computers are on a dedicated, secured network.
But what happens if you are attacked? What if you find yourself with a significant loss? Or a massive lawsuit? That's why businesses carry cyber liability insurance.
How Cyber Liability Protects You
Just like general liability insurance, cyber liability is a powerful, flexible piece of protection that can help keep you in business and get you back to where you were before a cyber incident.
- Cyber liability insurance offers protection with a range of coverages that can prevent you from going out of business after a major data breach.
- It can reimburse you for direct financial losses, pay for legal costs if you are sued, cover regulatory fines if you are found guilty of not protecting your information, and more.
- It can even help cover your business costs if you are disrupted and have to shut down due to an attack, such as a denial-of-service or ransomware attack.
However, not all cyber liability insurance policies are the same – make sure that you know the specific coverages, deductibles, and exclusions on your policy, or enlist the help of a professional to compare policies from multiple insurance companies.
This content is developed from sources believed to be providing accurate information, and provided by Strategic Financial Planning, Inc. Please consult legal or tax professionals for specific information regarding your individual situation. The opinions expressed and material provided are for general information, and should not be considered legal, investment, or tax advice.