Do you need Cyber Liaibility Coverage for your Business ?
By Jan Laman , Harbour Insurance Services
Exposures Everywhere
Almost any company conducting business today has an Information Security and Privacy exposure that could be protected with a Cyber Liability policy . Whether it is digital or analog , on a thumb drive or on a piece of paper , sensitive data and information must be stored and transmitted securely . As we have seen in recent months , there is no such thing as completely secure when hackers have gotten into Sony , Citigroup , and RSA among others . Now The Wall Street Journal even says that employees are the biggest threat to data security .
It is no longer a matter of “ IF ” you will have a breach but “ WHEN ”. So , What Will You Do ?
While Sony can survive their data breach many small businesses can not . It is a common misconception that small businesses are immune to a breach . However , hackers are now specifically targeting small businesses . In fact , according to the Verizon 2011 Data Breach Investigations Report the majority of breaches involved companies with 11to 100 employees .
Breach Costs
Having a proper coverage in place may have helped Sony after suffering multiple data breaches recently . Sony is now being denied coverage under their Commercial General Liability policy by their CGL carrier , Zurich . The breach costs are already estimated at $ 178 million for the year . This number does not include legal fees and possible compensation awards that may result from the 55 class action lawsuits .
Cyber policies enable companies to not only respond to a breach but also encourage preventative measures by providing risk management tools such as self assessments , information hotlines , and research articles on how to prevent a breach .
A Cyber Liability policy can also help mitigate costs if a breach occurs . These costs include , lost business , legal services ( defense & compliance ), forensic investigations , notification costs , identity protection services , free or discounted services , and public relations . In 2010 , the average cost per breached record was $ 214 according to the 2010 Ponemon Institute Study .
Lost business costs represent the largest portion of a breach . For example , network downtime cost Sony $ 10 million a week as a result of their breach . Forensic investigators result in an additional cost as they must be brought in to determine the cause and extent of a breach and determine appropriate remedial measures . Public relations is also an important part of crisis management and can be covered along with forensic investigators and lost business .
46 states have already passed notification laws requiring companies to notify customers of a breach . With the average notification cost at $ 15 a record , a small company that loses a storage device with 1,000 records could easily incur $ 15,000 in costs for notifying customers while the minimum premium for a Cyber Liability policy is $ 1,000 .
Additional costs include communications between the victim and company to address questions and concerns , credit report monitoring services , reissuing of new accounts or cards , and free or discounted services . Most policies have coverage available for these issues as well .
Why does it exist ? Cyber coverage exists because it is excluded on Commercial General Liability ( CGL ) Policies .