Do you need Cyber Liaibility Coverage for your Business?
By Jan Laman, Harbour Insurance Services
Exposures Everywhere
Almost any company conducting business today has an Information Security and Privacy exposure that could be protected with a Cyber Liability policy. Whether it is digital or analog, on a thumb drive or on a piece of paper, sensitive data and information must be stored and transmitted securely. As we have seen in recent months, there is no such thing as completely secure when hackers have gotten into Sony, Citigroup, and RSA among others. Now The Wall Street Journal even says that employees are the biggest threat to data security.
It is no longer a matter of“ IF” you will have a breach but“ WHEN”. So, What Will You Do?
While Sony can survive their data breach many small businesses can not. It is a common misconception that small businesses are immune to a breach. However, hackers are now specifically targeting small businesses. In fact, according to the Verizon 2011 Data Breach Investigations Report the majority of breaches involved companies with 11to 100 employees.
Breach Costs
Having a proper coverage in place may have helped Sony after suffering multiple data breaches recently. Sony is now being denied coverage under their Commercial General Liability policy by their CGL carrier, Zurich. The breach costs are already estimated at $ 178 million for the year. This number does not include legal fees and possible compensation awards that may result from the 55 class action lawsuits.
Cyber policies enable companies to not only respond to a breach but also encourage preventative measures by providing risk management tools such as self assessments, information hotlines, and research articles on how to prevent a breach.
A Cyber Liability policy can also help mitigate costs if a breach occurs. These costs include, lost business, legal services( defense & compliance), forensic investigations, notification costs, identity protection services, free or discounted services, and public relations. In 2010, the average cost per breached record was $ 214 according to the 2010 Ponemon Institute Study.
Lost business costs represent the largest portion of a breach. For example, network downtime cost Sony $ 10 million a week as a result of their breach. Forensic investigators result in an additional cost as they must be brought in to determine the cause and extent of a breach and determine appropriate remedial measures. Public relations is also an important part of crisis management and can be covered along with forensic investigators and lost business.
46 states have already passed notification laws requiring companies to notify customers of a breach. With the average notification cost at $ 15 a record, a small company that loses a storage device with 1,000 records could easily incur $ 15,000 in costs for notifying customers while the minimum premium for a Cyber Liability policy is $ 1,000.
Additional costs include communications between the victim and company to address questions and concerns, credit report monitoring services, reissuing of new accounts or cards, and free or discounted services. Most policies have coverage available for these issues as well.
Why does it exist? Cyber coverage exists because it is excluded on Commercial General Liability( CGL) Policies.