Are you a business owner? If you don’t have cyber insurance, you are leaving a digital door open to would-be cyber criminals. Data theft and similar crimes are on the rise, and the statistics are startling. Studies show that cyber attacks hit North American businesses an astounding 4,000 times per day.
This represents a 300 per cent increase since 2015. If that wasn’t bad enough, cyber security experts predict that cyber crimes could cost $6 trillion in damage every year by 2021. And if you think it’s only large retailers who need to worry, think again. Research also shows that small businesses are a growing target of cyber thieves.
However, there are ways you can protect your business from cyber attacks. Large and small, a growing number of businesses are opting to carry cyber insurance. We look at what cyber insurance covers, why you need it and what to look for as a cyber insurance buyer — as well as how to lower your overall risk.
What Is Cyber Insurance?
Cyber insurance covers a business’s liability for data breaches, including the loss of financial and personal information, such as names, birthdates, Social Insurance Numbers, account numbers and health records. In other words, cyber insurance kicks in when a business experiences a critical network security failure.
So what exactly does cyber insurance cover? There are several types of cyber insurance, but most policies will cover:
- Legal fees and court costs
- Investigative costs related to the data breach
- Mandatory customer notification requirements
- The cost to recover data
- The cost to repair and restore compromised software and systems
While most businesses have general liability policy coverage, cyber insurance is usually excluded from a general business insurance policy. This means your regular business insurance almost certainly excludes network security failures, hacking and similar events.
It’s important to note that cyber insurance can’t stop a data breach from occurring. Just as a homeowner can’t prevent a fire from happening, cyber insurance doesn’t make a cyber-crime impossible or even improbable.
However, cyber insurance ensures that a business remains financially secure in the event a breach occurs. Sometimes referred to as cyber liability insurance coverage, cyber insurance helps a business mitigate the risk of a data breach or similar event.
While it is a relatively new product in the insurance industry, cyber insurance has grown exponentially in recent years, as businesses have started to realize just how vulnerable they are to a data breach. According to PricewaterhouseCoopers, one-third of companies in the U.S. maintain cyber insurance, and the total value of premiums could reach $7.5 billion by 2020.
Take Steps to Reduce Your Risk
While you absolutely need cyber insurance — and an insurance plan could potentially save your business — the best defense against criminals is to harden your security. In some cases, you can even save on a cyber insurance policy if you can show your insurer documentation of risk mitigation, such as a disaster recovery plan.
-
Create a Data Breach Response Plan
Do you know what steps to take after a breach? The first hours and days following a network security failure are key to ensuring your business remains operational, both short-term and down the road.
-
Assess Your Risk Regularly
It’s one thing to identify risks and plan for disaster, but you should also conduct regular assessments and reviews, and then update your breach response plan if needed.
-
Use Best Practices for Safeguarding Data
Evaluate which employees have access to sensitive data. In many cases, you can eliminate risks by restricting employee access to your network or computer systems. You should also take a look at passwords and take steps to ensure everyone in your organization uses good password practices, including creating passwords that are long enough and complex enough to resist hacking attempts.
Want to know other ways how you can mitigate your risk? Click here to download our quick guide on what you need to be doing to protect your business from criminals.
“5 Steps You Can Take To Protect Your Business Against Hackers”
Download a copy of our useful guide.
Looking for an insurance quote or advice on coverage? Call us now at 1 (855) 482-5001 to speak with a broker.
|
5 Reasons Your Business Needs Cyber Insurance
Whether you own a small family business or a multimillion-dollar company, chances are you conduct a significant portion of your business online. Few businesses today can operate without using email, online storage and web-based apps.
Businesses also manage their reputations and customer interactions through social media networks. And unless you run a cash-only business, you probably transmit financial and banking information online, too.
The internet makes it easier and faster to conduct business, but it also leaves your organization — and, by extension, your customers — vulnerable to cyber crimes. This is where cyber insurance can help. Here are five reasons why your business needs cyber insurance.
-
You Store Customers’ Data Online
Whether you use an in-house server or store your data in the cloud, there’s a good chance you maintain digital files filled with your customers’ private information. This information is a veritable goldmine for hackers and identity thieves, who can steal identities and financial information to open fraudulent accounts and even attempt to extort your business for cash payments.
-
A Data Breach Is Inevitable
According to data security experts, data breaches aren’t a matter of if — they’re a matter of when. And it doesn’t matter if you operate a small, one-person business or an enterprise level organization. The harsh reality is that cyber criminals target businesses of all sizes. In fact, research reveals that almost half of all data breaches involve small businesses.
A British survey found that 74 per cent of small companies reported a security breach in 2015. As Mark Smith at The Guardian reports, “[E]xperts are warning that not only are small businesses now firmly in the crosshairs of cyber-criminals, they are fast becoming their favoured target — and are often woefully unprepared.”
Data security experts say there are two main reasons why small businesses are a frequent target of hackers and identity thieves. On the one hand, small businesses assume they are too small to attract cyber criminals. As a result, they fail to protect themselves. The problem is that cyber thieves are aware of this, and they take advantage of weak targets.
“Burying your head in the sand may save money in the short term, but the cost of hacking could range from minor inconvenience, reputation damage, loss of customer data, fines and ultimately company closure.”
Alex Fenton, a digital business expert and lecturer at the UK’s Salford University, told The Guardian that business owners have no excuse for failing to protect their systems.
-
Data Breaches Can Put You Out of Business
Without cyber liability insurance, business owners are left footing the bill for damages that arise out of a breach. The National Cyber Security Alliance reports that one in five small businesses will experience a data breach — with an overwhelming 60 per cent closing their doors because they can’t recover from the financial fallout.
Even a relatively minor breach can cost a business thousands in information technology (IT) expenses and related cleanup. Cost typically include:
-
Investigative Fees
Businesses must investigate the breach, which means hiring IT experts and computer forensic investigators to trace the breach, repair damage and take steps to ensure it doesn’t happen again. In some cases, a business may even have to work with law enforcement to assist in a government investigation.
-
Legal Fees
Businesses must also defend themselves against any lawsuits that stem from the breach. Even a single lawsuit can cost thousands to defend.
-
Business Losses
When a business experiences a data breach, it often loses more than just money. Prolonged periods of downtime and interruptions in the regular course of business can be financially devastating for any organization.
-
Notifications of Identity Theft and Data Loss
A growing number of jurisdictions require businesses to notify customers when their information has been compromised. In Canada, private sector companies in Alberta must comply with mandatory breach reporting under the province’s Personal Information Protection Act.
Other provinces, including Ontario, New Brunswick, and Newfoundland and Labrador impose specific reporting requirements for health-related data breaches.
-
Investigative Fees
-
Your Existing Business Insurance Coverage Won’t Cover You in a Cyber Attack
You might be thinking, “But I already have business insurance! Why should I pay for additional coverage?” Many businesses owners assume they don’t need cyber insurance because they already insure their organizations. However, your general liability policy coverage most likely features specific exclusions for cyber attacks.
Furthermore, your business liability insurance is unlikely to cover you in the event of data loss that occurs due to a disgruntled employee or computer virus. Most standard business insurance policies provide coverage in the event of system outages and data loss due to a natural disaster, but they carve out exceptions for malicious attacks like hacking and employee sabotage.
“Typically, a general liability policy specifically excludes losses incurred because of the internet. So a good cyber liability policy can pick up where your general policy leaves off.”
As Minda Zetlin from Inc.com reports, “Typically, a general liability policy specifically excludes losses incurred because of the internet. So a good cyber liability policy can pick up where your general policy leaves off.”
-
Cyber Insurance Can Provide Effective Risk Management
Large corporations tend to have entire departments devoted to risk management. For the majority of small businesses, however, tight budgets don’t allow for this kind of oversight.
However, a good cyber insurance policy can fill this role. Ethan Miller, a lawyer who talked to Minda Zetlin at Inc.com, says that cyber insurance perform functions similar to a dedicated risk management team. “There are a couple ways insurance can bridge that gap. An insurer might work with a small company to make sure a firewall is in place to protect your network, and make sure you have social media policies that reduce risk.”
Zetlin adds, “Your insurer may well be willing to help with these areas because the better protected you are, the less likely you are to have a breach that could result in a claim.”
How to Choose a Cyber Insurance Policy
As a business owner, you know you need cyber insurance to protect what you’ve worked so hard to build. Now, you need to know what to look for as a cyber insurance buyer.
Determine What Type of Cyber Insurance Coverage You Need
As with most types of insurance, there is no one-size-fits-all policy for cyber insurance. For example, if your business disseminates content, you may need media liability insurance.
If you work in the healthcare industry, you may require greater privacy insurance coverage than another type of business. If you’re in the technology sector, you may also need cyber coverage that protects you against data loss caused by third party cloud, software or IT providers.
Work with a Insurance Broker
You have a lot of options when it comes to finding the best cyber insurance for your business. You could work with an insurance agent, however, this limits your choices, as the agent will most likely only offer coverage from one insurer.
This is why many business owners choose to search for insurance through an insurance broker like My Insurance Broker. With our carriers partners, you can get a quote from the top cyber insurance companies in Canada. You can also mix and match insurance to get the coverage you need to have peace of mind.
At My Insurance Broker, we will help you evaluate policies to ensure your business gets the coverage it needs to manage risk. Because cyber insurance is a specialized area, it’s important to work with an insurance broker that understands how business insurance and cyber insurance intersect. We can assess the limits of your general business liability insurance and help you select a cyber insurance plan that complements it and fills in gaps where needed.