Cyber Liability – Second in a series

By Tim Kolacz

In my last article, we discussed how Cyber Security is at the forefront of people’s minds lately. From big corporations to your own personal security, hackers are trying to get all of your information. Yahoo! was attacked and over 500 million emails were compromised; Target was attacked through a contractor they hired; but the biggest problem of all is the ones we haven’t heard about. You know why? It’s because most of the companies that have been hacked or breached, don’t know about it yet. Additionally, the typical overall cost associated with a breach of information is about $154 per record. So, if you have 100 records, the cost is about $15,400. That’s pretty dag gum expensive for 100 records. Now imagine you have 100,000 records or 1,000,000… really expensive.

Over 70% of all companies do not have the software in place to monitor cyber-attacks against their system. This could be due to the defenses being too costly or it could be that they haven’t thought about being attacked because of their size of business. Simple items such as firewalls and monitoring software can be had for your data for as little as $40. Some Firewalls are even free for personal and smaller businesses. Putting these defenses in place can help you avoid large claims against your Cyber Liability policy. In fact, the cyber liability policy that you buy has provisions in it that showcase you need to have these items in place before coverage can be provided.

So, what do these policies actually cover? Well, let’s start with the things that most people hear about in the news. Notification Costs for those affected by the attack. This is frequently talked about because it has a direct cost to each record that is breached. The coverage pays for mailings to each person who has their information exposed, as well as pays for credit monitoring for a length of time. More often than not, the length of the monitoring is 12 months. These notification costs can get quite expensive; hence you need to fully understand how much risk your company has that can be exposed.

Business Interruption is a coverage that you may have heard before. Just like when you have a loss of BI when your place burns down, when an attack causes you to lose revenues, you can get coverage here too so that you can recover and stay in business. You can also have coverage for Reputational Harm. This will allow for you to get a Public Relations firm to help rebuild your brand image after an attack. This is a crucial part of the coverage as it could damage your reputation for years if not handled correctly.

There can also be fines levied against your company in case of a breach. The Payment Card Industry Data Security Standard (PCI-DSS) was established to bring a level of standardization of security practices to the industry for securely processing credit card transactions. Defense costs, fines and penalties are normally covered, as are any assessments from the banks for not complying with the standard practices in the industry.

So when you are evaluating what to buy in the way of Cyber Liability, you should look at a few factors: one is how many records you actually have on hand; two is how critical that information is; and three is, what you can afford. When you are looking at total records, you should add up everything you have. Health files, social security numbers, and credit card numbers are just a few of the items that you control that if exposed could cause harm to your clients. When looking at how critical the information is to your reputation as a company. If you have 500,000 health records that include everything about the person including all their personal information, if this information is breached, the person is greatly affected, but your company is also affected. If you become known as the company that lost 500,000 social security numbers, that could follow the company for ever. Recently, Yahoo! was trying to sell itself to Sprint. After Sprint realized how big a breach Yahoo! had, the price that was being offered dropped by over $900 million.

Then, at the end of the day, you must look at how much coverage you can afford. There are not many companies that can afford insurance of $15 million in Cyber coverage. So, you get what makes sense and is cost effective. By and large, clients tend to skew to the 3 to 5 million dollar range. This provides a lot of coverage and allows for a premium that is more realistically fit into their annual budget.

Tim Kolacz works for HUB International, a nationwide insurance broker. Call Tim at 951-779-8730. Call him late, call him often.