Cyber Liability: What You Don't Know Can Hurt You
By Mark Webb, Partner
Cyber liability consists of a business’s liability exposures arising out of the internet and computer network technology, including such events as hacking, virus transmission, privacy breaches, and intellectual property breaches.
The problem for all of us is that there is no fail-safe technology that is immune to hacking. Even if there were, internet security is constantly and quickly evolving as hackers and security experts continuously aim to outwit each other.
Headlines frequently expose the harsh reality of data breaches. Nearly half of all incidents are attributed to lost or stolen equipment. The second largest threat comes from employees, temporary employees and contractors (remember the Target data breach of 2013?). When a breach does occur, 74% of businesses lose customers; 59% face litigation; and 33% incur fines. The average cost per lost record is just under $150.
Data breaches aren’t exclusive to large corporations. Over 72% of all data breaches occurred in small to medium-sized businesses. A recent Symantec survey indicates that 40% of all targeted cyber attacks are aimed at companies with under 500 employees.
While business owners may be aware of their potential for a data breach, many believe they are adequately protected and that it won’t happen to them. Even if they were compromised, isn’t a privacy breach covered under normal business insurance? Doesn’t my general liability policy cover me?
In a word, no. The property insurance form protects IT equipment, but not the stored data or the privacy requirements associated with those records. Some insurance carriers may provide some “token” cyber liability coverage, but relying on this for a serious data breach is not enough.
Business Interruption coverage will typically not respond to outages caused by computer viruses or hackers. The state of Florida requires notification in the event of a potential loss of personally identifiable information, and imposes fines and penalties for not reporting the breach. One thing is for sure: no general liability policy will provide proper reimbursement for the substantial cost to comply with regulatory requirements and subsequent out-of-pocket legal expenses.
Cyber Risk Management
Many data breaches occur because of an employee error or an “inside job” from rogue employees. From passwords tacked on computer screens in plain sight and employees opening suspicious emails and downloading malware to lost laptops and smartphones, a large portion of security breaches occurs because of employee actions. Also, keep in mind that a data breach can occur from paper records as well. Outdated customer information, old credit card receipts and employee files that were thrown into the dumpster are just as vulnerable as records on a network that a hacker has logged into.
Best practices to mitigate your cyber risk exposure include:
- Strong Passwords
- Control Access to Data
- Monitor Activity
- Employee Training
- Cyber Protocol (Written Policies and Procedures)
- Risk Transfer (Buy Insurance)
Risk Transfer - What is Cyber Liability Insurance?
The biggest challenge in finding the right cyber liability coverage is the fact that every form is different, making comparison difficult and confusing. Policy premiums also vary dramatically. The most important way to reduce your premium is to reinforce your security practices before seeking coverage.
Typical coverage parts found in a cyber liability insurance policy include:
- Privacy Liability (third-party lawsuits for breaches of private information)
- Network Security Liability (third-party lawsuits for non-privacy breaches such as viruses, worms, etc.)
- Media Liability (intellectual property claims such as copyright, trademark, etc.)
- Virus / Hacking Liability
- IP Infringement
- Information Asset Loss (costs to restore any corrupted or lost data caused by a security breach)
- System Damage
- Business Interruption
- Cyber Extortion
- Notification Costs (costs to notify an individual that their private info has been breached)
- Merchant Services (PCI Fines & Penalties)
- Regulatory Fines & Penalties (costs to defend a regulatory action and/or pay any fines and penalties levied by the government)
- Cybercrime/fraud, Ransomware
- Reputational Damage Coverage (the cost to replace income through loss of reputation/customer base)
Cyber liability can have devastating effects on a business. Don’t assume cyber attacks won’t happen to you. Raise your awareness. Take action. What you don’t know can hurt you.