Safety in the digital age: Insuring against a cyberattack
Computer systems are helping businesses be more successful than ever before. But when they fail – or get hacked – everything can come to a screeching halt.
If the damage is severe, a company can find itself virtually deleted.
That’s why cyber liability insurance coverage should be an integral part of virtually every business’s insurance portfolio. Too many businesses wait until after a cybercrime happens, thinking, “We’ve got anti-virus software,” “We know not to click on strange links,” or “It can’t happen to us.”
The latest worldwide debacle involving the “Wanna Cry’’ ransomware attack shows the folly of such thinking. Indeed, almost every week we hear of breaches impacting major retailers from Target to Zappos.
Many people mistakenly think that cyber liability insurance is synonymous with identity theft coverage. In reality, cyber liability insurance encompasses much more.
Consider the ramifications of hacking that affects a health care provider and compromises patient information. Not only could personal identifying information be released, but also it is highly likely that there is a violation of HIPAA, the federal Health Insurance Portability and Accountability Act, which prohibits the release of medical information without the patient’s consent.
Depending upon what steps the health care provider took to protect patient information, the provider may be fined for the release of this protected information by the federal government, and could also be sued by patients. The stakes rapidly become extremely high.
Businesses accepting credit cards also have a responsibility to safeguard their customers’ information. Federal guidelines based on the number of transactions processed determine appropriate safeguards and what steps to take when a breach occurs. These include how quickly to notify the media.
Ransomware attacks like the “Wanna Cry’’ episode are also becoming more prevalent and more poisonous. These attacks paralyze companies and prevent them from accessing their data unless they pay up – and authorities warn that giving into the “kidnappers’’ demands doesn’t guarantee your system will be unharmed.
If the hacking impedes the business’s ability to serve its customers, it can create additional liability issues due to the disruption or the inability to provide service. Clients could sue if the disruption causes them to lose money and business.
The hacking can destroy operating systems. If the data was not backed up or the backup is corrupted, the data must be reconstructed. Sometimes, after an attack, you can be back in business in a few hours. Worse, it may take several days and a staggering amount of costly overtime.
Regular business income on your property policy does not generally cover a cyber loss, because there is no tangible loss of property, meaning, the hardware is not affected physically.
Beyond the loss of business, time and data, your business’ reputation may be adversely affected. Many customers decide to no longer do business with a company that can’t or won’t protect their confidential information in a more foolproof way.
If you are the victim of a major hack attack, your business will need to engage an attorney in defending against claims filed by patients and customers. Your business may also need the help of a public relations firm to help restore confidence in your business and brand.
A cyber insurance policy can provide coverage for all of these scenarios, subject to deductibles and policy limits.
Today, many insurance companies are including or offering cyber coverage in their Business Package policy, Professional Liability policy, or Director’s and Officer’s Liability policy. While this coverage is better than having no cyber insurance coverage at all, it may give you a false sense of security. Coverages may be very limited, and fail to keep pace with, or apply to, the losses incurred.
Often, the coverage included is identity theft coverage; credit monitoring fees for compromised individuals; public relations costs; or defense costs. The limits for the included coverage may not be adequate for your business’s exposure.
That is why it is vital to contact your insurance agent or carrier to ferret out the details of your cyber insurance coverage. It also makes sense to have an independent review of your insurance from an expert who can examine your vulnerabilities in all areas and recommend the type and level of coverage you need.
Like your homeowners and automobile insurance policies, you need to understand and trust that your business coverage will be there for you if your critical information falls into the wrong hands.