Breach notification laws exist in 46 states across the US. Even if you are lucky enough to be in one of the states that has not yet enacted a law, the chances are you will still fall foul of another state’s rules or one of the emerging federal laws. These generally require businesses that lose sensitive personal data to provide written notification to those individuals that were potentially affected. Notices need to be drafted by appropriately qualified lawyers, printed and sent out by physical mail. Expensive computer forensics are generally required to identify the source and nature of the loss. Affected individuals often demand credit monitoring services or an equivalent in order to minimize the risk of identity theft. All of this can be exceptionally expensive and even the smallest breach can cost several hundred thousand dollars to manage. Cyber policies not only provide the financial resources to pay for these breaches but can also provide access to specialist breach response resources to help you manage and contain the incident.
We all hold more data than ever before and often this data belongs to our customers and suppliers. Non-disclosure agreements and commercial contracts often contain warranties and indemnities in relation to the security of this data that can trigger expensive damages claims in the event that you experience a breach. Increasingly, consumers are also seeking legal redress in the event that a business loses their data. Regulatory actions are also on the rise with significant fines now in place for businesses that place sensitive personal information or medical data at risk.
Most businesses would agree that data or information is one of their most important assets. It is almost certainly worth many times more than the physical equipment that it is stored upon. Yet most business owners do not realize that a standard property policy would not respond in the event that this data is damaged or destroyed. A cyber policy can provide comprehensive cover for data restoration and rectification in the event of a loss no matter how it was caused and up to the full policy limits.
All businesses rely on systems to conduct their core business, from electronic point of sales software to hotel room reservation systems. In the event that a hack attack, computer virus or malicious employee brings down these systems, a traditional business interruption policy would not respond. Cyber insurance can provide cover for loss of profits associated with a systems outage that is caused by a “non physical” peril like a computer virus or denial of service attack.
New crimes are emerging every day. The internet means that your business is now exposed to the world’s criminals and is vulnerable to attack at any time of the day or night. Phishing scams, identity theft, and telephone hacking are all crimes that traditional property or crime insurance policies do not address. Cyber insurance can provide comprehensive crime cover for a wide range of electronic perils that are increasingly threatening the financial resources of today’s businesses.
Global credit card crime is worth over $7.5bn and increasingly this risk is being transferred to the businesses that lose the data. For example, under merchant service agreements, compromised retailers can be held liable for forensic investigation costs, credit card reissuance costs and the actual fraud conducted on stolen cards. These losses can run into hundreds of thousands of dollars for even a small retailer. Cyber insurance can help protect against all of these costs.
Any business lives and dies by its reputation. Although there are certain reputational risks that can’t be insured, you can insure your reputation in the event of a security breach. When your systems have been compromised, you run a risk of losing the trust of your loyal customers which can harm your business far more than the immediate financial loss. Cyber insurance can not only help pay for the costs of engaging a Public Relations firm to help restore this, but also for the loss of future sales that arise as a direct result of customers switching to your competitors.
Social media is the fastest growing entertainment channel in the world. Information is exchanged at lightening speed and exposed to the world. But often there is little control exercised over what is said and how it is presented and this can give rise to liability for businesses who are responsible for the actions of their employees on sites such as LinkedIn, Twitter and Facebook. Cyber insurance can help provide cover for claims arising from leaked information, defamatory statements or copyright infringement.
The advent of portable devices and the ability to work away from the office has made life a lot easier for many of us. However, this new style of working also means that important and confidential data can be stolen or lost much more easily. A laptop left on a bus, an iPad stolen in a restaurant, or a USB stick going missing are all good examples. In addition, the devices themselves are being targeted with a growing number of viruses being built just for them. Cyber insurance can help cover the costs associated with a data breach should a portable device be lost, stolen or fall victim to a virus.
While the large-scale hack attacks on the news often involve big companies, small companies are also at risk and often don’t have the financial resources to get back on track after a hacking attack or other kind of data loss. In fact, over a third of global targeted attacks were aimed at businesses with less than 250 employees. Cyber attacks are quickly becoming one of the greatest risks faced by smaller companies, making cyber liability insurance a must. It can help protect smaller companies against the potentially crippling financial effects of a privacy breach or data loss.