What do you do after your business has suffered a data breach? What are your legal obligations and responsibilities? What happens when your company’s computer system is seized and locked by an extortionist who is demanding payment, in Bitcoin, to release your computers unharmed? What happens to the reputation of your company, that you spent years or decades building, when it inevitably becomes public that you had inadequate computer security which compromised hundreds or thousands of your clients’ files and personal information? Who do you call? No, not “Ghostbusters.” If you purchased Cyber Liability coverage you can contact your insurance company and they will be there to help you.
According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses (organizations with fewer than 250 employees) as these entities are perceived as having weaker security systems than larger companies. Even Google has been hacked, and they pay millions in salaries to their IT people, so does any business stand a chance? Yes, you can be sued if your company computer systems are hacked, the “data” on that system is compromised, and someone suffers financial harm as a result. Assuming you purchased third-party liability coverage as part of your Cyber Liability program, your insurance company will defend you and pay indemnity to a third-party on your behalf, whether that is to an individual client or a business partner.
While third-party liability is essential coverage (and it is not the intent of this article to down play the importance of the exposure in any way) some of the key benefits that are provided to companies that purchase Cyber Liability coverage are the additional services that insurance carriers include for a business that purchases first-party coverage. There are many names for these different areas of service, as each carrier attempts to distinguish itself from their competitors, but the basis of the services are very similar. It is integral to work with an experienced insurance agent to make the difference in helping you determine your company’s needs and exposures.
Purchasing cyber coverage can feel a bit like a cafeteria menu, but serious consideration needs to be given to the important first-party coverages. These can include, but are not limited to: Crisis Management, Extortion Services, Notification Costs, Business Interruption, and Social Engineering Fraud. Each of these coverages are essential to a business that has been hacked. The costs incurred, should a business not have first-party cyber coverage, can cause serious financial damage to a company on a long-term basis. According to the Ponemon Institute 2017 Cost of Data Breach Study, U.S. businesses paid an average of $690,000 following a data breach to directly notify victims, and $146 per person in indirect notification costs after a breach.
Insurance companies such as Beazley, Chubb, C.N.A., The Hartford, Hiscox, and Travelers, to name a few, have provided these coverages for close to two decades. These carriers have in-house experts to help guide you and hold your hand through a data breach, or they’ve contracted with outside companies that specialize in these exposures. Insurance carriers want to reduce and mitigate the impact of a computer hack or extortionist threat as much, if not more than, the average business. They take it personally and they want to help protect their clients.
Value added services provided by insurance carriers in the event of a cyber-attack can include everything from forensic experts who help determine the scope, depth, and damage that a data breach causes, to lawyers who can guide you through your legal obligations, and even public relation experts who will do everything in their power to reduce the reputational harm your business suffers which can hinder your ability to recover and grow in the future. Insurance companies are your business partner, and your trusted insurance agent can help determine what your exposures are and which carrier is best for you, so talk to them today.