My Business does not deal with computers.
I don’t really need Cyber Insurance?
I am the only person in my business who even uses a computer.
I don’t face that much risk?
I might need Cyber Insurance, but what kind and how much?
Do any of these statements sound familiar? If they do, than you definitely do need Cyber Insurance. The term Cyber Insurance is used pretty generally because the risks associated with cyber security are so young and they are changing very rapidly. Business owners and insurance companies are still having trouble determining who is at risk and how much do they face. Just because this is a new type of insurance coverage does not diminish the importance it can have for your business.
Many business owners think a data breach can only occur to a big multi-national corporation, but the truth is most data breach first start out with small mom and pop businesses. These mom and pop businesses are first hacked with the intention of gaining access to a larger database through a vendor partnership. In the case of Target and Home Depot both of these breaches were first accessed by a much small business partner, who was hacked.
The three main types of coverage are Cyber Security, Cyber Liability and Technology Errors and Omissions Insurance. The first two deal with risks relating to a Data Breach. The third deals with companies that provide technology services and products.
Cyber Security Insurance, also known as Privacy Notification and Crisis Management Expense Insurance, deals with the first party damage to you and your business. It does not protect your business from damage to third parties. This coverage deals specifically with the immediate response costs associated with a data breach. In many cases it is required by law to find out how the breach occurred, notify those affected and provide credit monitoring services for one year.
Examples of costs included in Cyber Security Coverage include:
hiring a forensics expert to determine the cause of the breach, suggest measures to secure the site and prevent future breaches
hiring a public relations agency to assist in dealing with the crisis
setting up a post-breach call center
notifying affected individuals whose personally identifiable information (PII) has been compromised
monitoring these individuals’ credit (usually for 1 year)
paying the costs to “restore” stolen identities as a result of a data breach (e.g., expenses of notifying banks and credit card companies)
Cyber Liability Insurance, also termed Information Security and Privacy Insurance, covers the insured’s liability for damages resulting from a data breach. It does not cover expenses that deal with the immediate response cost. This type of insurance protects businesses which sell products and services directly on the internet. Also, it protects businesses which collect data within its internal electronic network. The most common forms of data breach involve personal or financial information like credit card numbers, bank account information, social security numbers, health information, trade secrets or intellectual property.
The types of situations where this information are accessed include:
An employee’s car is broken into and a business laptop is stolen.
An email containing sensitive customer information is sent to the wrong person.
Important paperwork, like a credit application, is taken during a break-in.
Failure to timely disclose a data breach.
Technology Errors and Omissions
Technology Errors and Omissions Insurance, also referred to as Professional Liability or E&O, is a form of liability coverage that protects businesses who provide or sell technology services and products. This coverage prevents businesses from bearing the full cost of defending against a negligence claim made by a client, and damages awarded in a civil lawsuit. This can include business who sell and service computer products, but it can also include graphic designers and advertising agencies who create digital content that can harm a company’s reputation. It covers computer programmers who may create faulty code for a website that causes that business to mail products to the wrong addresses.
Cyber Insurance is a new and emerging part of the insurance industry and it is not going anywhere. These risks are only going to become stronger as more and more business operate online. Before too long Cyber Security Insurance will be a normal part of businesses insurance policy just like workers compensation Insurance and general liability Insurance are today. Now is the time to consider if and how much cyber insurance your business needs.