What is Cyber Liability?
Cyber Liability can seem confusing and overwhelming, but in reality it boils down to a very simple concept:
If you require customers to provide their personal information in the course of doing business, you then become liable to protect that information from anyone.
It becomes easier once we break down two words from above:
Information: This can be interpreted as anything that can identify an individual. The most common examples are credit cards, Social Security numbers, and health records. It also can extend to e-mail addresses, driver’s license numbers, and personal passwords.
Anyone: This is where things can get tricky. Most identify “anyone” to be hackers. In reality, “anyone” is anyone outside of your business network. This can be rogue employees that steal information, hackers that break into your systems, or the general public by accidentally releasing this information via paper or digitally.
WOW! Basically, any information about a person collected while doing business can create a liability for you and your business.
Can you identify some major exposures your business might have?
What does “liability” really mean?
1) If customer’s personal information is lost or stolen, it now means that your company can be sued by those customers for losing their information. The amount of the suit will vary depending on the type of personal information and volume of customers impacted.
2) If credit card numbers are involved, your business will face legal action for all of the fraudulent charges racked up by the credit card companies. Consumers are not being held responsible for fraudulent charges but rather the credit card companies are suing the businesses that are at fault of the breach.
3) Lastly, your business can face fines and penalties for negligence from regulatory bodies.
Is there insurance available to protect my business? YES!
There is good and bad news when discussing Cyber Liability Insurance:
Good News: There are insurance policies today that protect exactly for the risks mentioned above, and so much more! Coverage now includes protection for 1st party claims. These are losses that directly affect the insured, such as:
- Cyber Extortion: This is when your business network is held for ransom by a hacker. Hackers that gain entry into your systems can encrypt all of your files and promise to release them once you make payment to their account.
- Social Engineering: Someone is able to gain access to your network and trick the accounting or upper management department to transfer money to different accounts. Most common is an e-mail that is sent from the owner of a company to accounting, demanding that a wire transfer be immediately sent to a new bank account.
- Public Relations: Costs associated with restoring a business’ image within the community based on the impact of a data breach.
- Customer Notification/Credit Monitoring: Almost every state has a specific law that deals with losing personal information. You must notify by the rules of the state the customer lives in, not just by the state your business resides in. This can be very costly and is usually provides free credit monitoring to the customers that were affected.
- Data Recovery/Forensic Costs: In the event that your business data has been destroyed or a breach has occurred, the insurance will hire a Computer Forensic Specialist to retrieve your lost/damaged data as well as determine the effects of the breach to your systems.
Bad News: BEWARE! Cyber insurance is relatively new and quickly evolving. No two companies are offering the exact same products, and most companies are including limitations on coverage or limits themselves. You should have your Cyber Insurance reviewed annually as the market continues to offer new insuring agreements. A policy written 3 years ago might be obsolete compared to today.
Looking to understand more about cyber liability coverage? Reach out to Taras Shalay at (586) 344 – 1982, or by e-mail at Tshalay@AlliedInsMgr.com.