Picture this: you head into your office on Monday morning, turn on your computer and begin to reply to emails. You see an email from your internet provider, alerting you that someone has accessed your company data from a foreign country over the weekend. None of your employees have been overseas in the last month, and you realize that the unthinkable has happened: your business has been hacked and your customer’s information has been stolen.
If personal identifying information (PII) or protected health information (PHI) is stolen from a company, the business has a number of costly legal responsibilities to fulfill. A data breach of just 1,400 records costs an average of $675,000 to restore. Because of this, making sure that your business has proper cyber liability coverage in place can prevent a major headache in the event of a hack.
But what should you be looking for in a cyber liability policy?
1. Security and Privacy Liability – This will provide coverage for failure to safeguard online and offline information, external virus attacks, denial of service attacks or the transmission of malicious code.
2. Privacy Regulatory Defense & Penalties – This provides coverage if government agencies file suit or penalize your company for a breach.
3. PCI DSS Liability – If your business has merchant services, you must be in compliance with bank and credit card companies. This part of the cyber policy will provide coverage if you are out of compliance.
4. Data Recovery – This is coverage for restoring lost or damaged data from an attack. In addition, this includes Business Income Protection for loss of income while the company is fixing the issue.
5. Cyber Extortion – If your computer is being held ‘hostage’ for money or cryptocurrency, cyber extortion provides the protection.
6. Reputation Harm – If word gets out that your company has been breached, it could lead to a negative reputation in the marketplace. Coverage in a cyber policy will allocate funds to help rebuild your company’s good name.
7. Multimedia Liability – Suppose you download a picture off the internet and use it on your website or put into brochures. If the image is copyright and a complaint is filed for infringement of copyright/trademark, this coverage will defend the business.
8. Privacy Breach Notification – The law requires that business must inform each of their customers of a breach and provide temporary credit monitoring. The average cost of this is $20 per customer. So, if 5,000 records were breached, the policy would pay out $100,000 for this one piece.
9. Cyber-Crime – A cyber policy will also include coverage for loss of money due to unauthorized system access (Computer Fraud), fraudulent transfer instructions (Funds Transfer Fraud) and/or a person impersonating another and fraudulently providing instructions to transfer funds (Social Engineering Fraud.)
Without a cyber liability policy in place, businesses run the risk of facing not only damaging cyber-attacks, but also significant legal issues. By outlining the assets you need to protect in your policy, as well as the controls in place to protect them, businesses can be better prepared to protect their critical data.