Is technology part of your daily business activities?
Does your company handle its customers’ financial information, health information, drivers’ license numbers or other personally-identifying information? Do you have a website, social media presence or internet-based business? Do your employees store company data on laptops and other portable devices that could be stolen or hacked?
As cyber attacks, database/website hacking, cyber terrorism and other technology-related data compromises become an almost-daily occurrence, all businesses are at risk for a potentially-costly data breach. Small business are targets as much as the large companies who have made the news – Sony, The Home Depot and Target – and the nominal charge for cyber insurance can mean the difference between staying in business or bankruptcy.
FACT: In late 2013, Target was the victim of a cyber attack compromising 40 million customer credit and debit card records. The company would have spent $252M in data breach-related expenses if they hadn’t had a $100M in cyber liability coverage.
FACT: Of the 855 data breaches examined by Verizon in 2012, 71% occurred in business of 100 employees or less. (Verizon Data Breach Investigations Study, 2012)
FACT: What do Scottrade, Experian, Penn State University, Chic-Fil-A and Staples have in common? All have been the victim of a cyber attack where customer information has been compromised.
What can cyber insurance cover?
The standard Property policy does not address losses relating to phishing, social engineering, telephone hacking or loss of business income related to stolen devices, malware, virus or other cyber attack that brings down your company's systems and prevents your business from operating.
Cyber insurance can cover what Property and Crime coverages do not:
- Liability for breach of confidential information.
- Costs relating to information breach, including but not limited to:
- Consumer notification of data breach;
- Customer support and services offered to help affected individuals protect themselves (i.e. free credit report monitoring);
- Cost of experts needed to assess the extent of data breach/corruption;
- Legal costs associated with regulatory investigation and expenses imposed for data breach by regulatory entities;
- Cost of PR agency needed to repair reputational damage where applicable;
- Costs of restoring corrupted or stolen data.
- Costs/expenses/loss of income associated with business down time due to a data breach and interruption of business activities.
- Personal injury and advertising exposure (i.e. damage to one's reputation because of social media hacking).
- Costs of an act of cyber extortion, cyber deception or cyber terrorism.
DEFINITION - Social Engineering/Cyber Deception: Have you ever received an email from a relative on vacation needing a money transfer urgently? Or a work superior sends you an e-mail asking you to authorize a funds transfer while he/she is out of the office? Then you come to find out that the e-mail origin is not your friend, relative or co-worker?
Social engineering occurs when somebody is manipulated into revealing sensitive information or doing something, such as transferring money, by a social engineer masquerading as the victim's friend, relative, co-worker or business superior.
Phishing, pretexting, baiting, quid pro quo phone phishing and tailgating are all examples of social engineering. Social engineers are increasingly clever in the means by which they get sensitive information and cyber insurance is continually evolving to make sure that social engineering victims are protected.
Cyber Insurance and Fiduciary Responsibility
FACT: 10 directors of Wyndham Hotels were found guilty of breach of fiduciary responsibility for failing to prevent, disclose and correct a breach of sensitive customer data occurring between April 2008 and January 2010.
Directors and officers can be found in breach of fiduciary responsibility to employees and shareholders when sensitive data has been compromised (“lack of oversight”). If implicated, your personal assets may be at risk. Cyber insurance, when paired with D&O and Fiduciary Liability insurance, can protect the solvency of your company, as well as your own personal assets.
Want to learn more about how Eastern can help protect you and your business from cyber attacks? Contact us at any time at 800-333-7234 or by visiting our website.