Running a business is hard and data breaches are making it harder—for everyone. As the new unfortunate normal, data breaches expose countless amounts of personal data within minutes. From passwords, credit card and Social Security numbers to banking information, driver’s license numbers and medical records, cyber hackers gain entry to a literal feast of sensitive information.
While it seems only the largest corporations face a hacker’s wrath, the valuable business data smaller companies hold is a prime target. In fact, the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report shows the percentage of small businesses that have experienced a cyber attack increased from 55 percent in 2016 to 61 percent in 2017.
With no sign of cyber risks decreasing, it’s never been more important to understand data breaches and how cyber insurance is a proactive step in protecting your business. To help, Presidio cyber insurance expert Kimberley Williams provides insight into the top five facts behind data breaches and how to stay ahead of cyber risks.
Fact #1: Who’s at Risk
Any organization that uses technology to do business and stores personally identifiable information (PII) or provides any IT services faces cyber risk, according to Williams.
“Businesses are so reliant on connectivity that they can’t function without it,” she says. “But, as technology becomes more complex and sophisticated, so do the threats every business and organization face. By having cyber insurance protection, businesses can avoid major expenses, business losses and regulatory fines and penalties.”
Fact #2: Expose Your Exposures
Conducting an annual internal security audit can help determine what factors increase your chance of a data breach by listing your company’s most valuable assets, including customer data or physical data stores. Understanding the big picture of assets helps develop a reliable understanding of its network to develop a security management plan; an audit also identifies weak links in technology, personnel, policy and leadership.
“One of the key times to evaluate and determine potential cyber threats is during your annual insurance renewal review,” says Williams. “Even though a business may not think they’re at risk, an audit along with questions about the company’s day-to-day business can help identify exposures to help develop the best coverage plan.”
Fact #3: Not Being Covered Costs
Not having some type of cyber liability coverage can create serious costs, explains Williams. “If you contain personal information of 100 clients and you experience a data breach, which steals their information, it will cost approximately $50 to notify each of those clients—that’s $5,000 in costs you must pay to complete the notifications.”
The costs keep adding up, especially due to the fact that most businesses rely on their computer systems functioning properly for their business to operate. “Every cost is important to them,” she says. “But, unless they’ve suffered a loss [from a data breach], they may not be willing to purchase cyber coverage.”
And for manufacturing companies whose equipment is run by computers, operations can be completely shut down if their system is hacked. “Now you’re suffering a loss of income that can’t be covered under property coverage due to the fact it wasn’t caused by a fire, flood, wind or water damage,” states Williams.
Fact #4: Know Your Coverage Options
Cyber liability insurance is designed to cover losses related to hacking that typical business policies will not cover; coverage is typically divided into two main types:
- First-party coverage manages the financial implications of a cyber breach to your business and helps compensate for business interruption expenses. This includes notifying customers of the breach, regulatory costs, loss of income and credit monitoring services to customers.
- Third-party coverage protects any business whose action (or failure to act) may cause a third party breach or cyberattack. “Third party entities include any person or company that was affected by the breach that is not a part of your company,” explains Williams. “This coverage provides an insured network security and privacy liability coverage, such as defense against lawsuits from other parties due to data breach at your company. It can also provide errors and omissions coverage for companies that provide professional services in the technology industry, including a software developer.”
Another popular choice of coverage for small business owners is a cyber enhancement endorsement. While it’s cost effective and can be added to an existing policy, it lacks coverage including limit of liability and lack of coverage for extortion, communications and media liability.
Fact #5: Affordable Cyber Coverage Exists
Cyber coverage may seem out of reach financially for many small to medium size businesses, but there are affordable options, according to Williams.
“Fortunately, many carriers have now created products that provide all of the coverage bigger corporations need tailored for smaller businesses at an economical price,” she explains. “As an Acrisure Agency Partner, Presidio has broad access to cyber liability products that offer full liability protection of both first- and third-party protection for about $1,000 to $2,500 a year.
“By pairing ourselves with experts from both the wholesalers and the direct markets, including insurance companies that have specialized departments for management liability and cyber liability coverage, Presidio helps guide each business on the best coverage to fully protect them,” she says. “Cyber security is ever changing, and it’s our job to keep growing in both our education of the issues and what we can provide our insureds.”