Image credit: Control is an Option to Command, by Frederico Cintra, licensed under CC BY 4.0
In the wake of high-profile data breaches where hackers humble multibillion dollar companies, questions like “Am I vulnerable to something like this?” or “Do I need cyber risk insurance?” inevitably rise in the minds of large and small business owners around the world.
Then they’re promptly forgotten.
Until the next time a similar story is reported on the news. (For example, the recent Equifax horror show.)
If you’re an IT professional in certain industries, you probably have no delusions about cyber risk insurance being a necessity; outside hacks for ransom and/or data breaches from within a company’s ranks are too common, and too costly. It’s a no-brainer.
Even if you’re not a motion picture CEO, or the Google VP, however, you need to be aware of the fact that you may have a cyber target on your back, or weaknesses within your company that could be exploited. A 2016 study by Symantec didn’t have “Movie Studio” or “Technology Giant” listed in the top five businesses affected by ransomware; service industries, manufacturing, finance/insurance, real estate, and public administration showed up as the most targeted. (Entertainment and technology services didn’t even make the top ten list, which included wholesale trade, transportation, communications, and utilities, retail, construction, mining, and Agriculture, Forestry and Fishing.)
Ransomware is affordable (it can be purchased for less than $2,000.00), and adapting as fast as protective software can be developed; Symantec found 101 new ransomware “families” in 2016. That number represents a 36% increase from previous years. While effective security measures and employee training are good protocols to have in place, a cyber insurance policy could mean the difference between returning to business after a breach, or shutting down.
Hacks for ransom (where a system is compromised and the hackers demand payment to restore it) represent only one type of data breach. Data leaks can be purposeful hacks (as with Google, Target, and HBO’s Game of Thrones nightmare), or accidental (like the incident with Whitehead Nursing Home or the mishap with the City of Calgary)…but the resulting public relations nightmares and potential for revenue loss are the same.
Don’t believe for a second that only large businesses are targeted; Symantec’s study found that smaller companies (251-500 employees) are more likely to be targeted by email malware, possibly for the very reason that they’re ill prepared to handle an attack.
As a business insurance sales specialist and the team leader of the INSURICA Insurance Management Network Technology Practice, James Roskopf knows what he’s talking about when he says that it’s a mistake to underestimate cyber risks and the people who perpetrate them.
“You have to remember,” Roskopf says, “That hackers are mean people.”
“A lot of people are still looking at cyber issues as a cost of doing business. If they get attacked with ransomware, they know that the FBI discourages paying hackers, but they also know that paying is the path of least resistance.”
There’s another Symantec statistic that proves Roskopf’s assertion about the cruelty of hackers, and puts to rest the notion that paying the ransom is ultimately less costly than an ongoing monthly insurance premium; only 47% of the victims of ransomware who pay the ransom are found to recover use of their stolen files.
Rather than relying on a criminal’s promise of good faith, a risk management program that includes cyber liability is the best way to forestall a business-ending security breach.
Cyber risk insurance coverage options can be scaled according to your business’s size and needs, and can include a budget for public relations repair if your customer’s data is compromised. Some other costs to consider that a good cyber liability policy can cover:
- Security fixes and cyber forensics
- Notification and identity protection for affected customers
- Libel, copyright or infringement, and defamation (social media posts can take a minute to post, but have a long recovery period)
- Damages to a third-party system (in case of an accidental virus transmission, for example)
- System failure; hardware losses due to a natural disaster or malicious destruction would be covered under a commercial property or inland marine policy, but data and code losses would need electronic data protection coverage
Whether you’ve spent years building your business or you’re just starting…you can’t afford a catastrophe. A cyber risk policy for your company could be the safeguard it needs for a long, prosperous life.
Call us today at 1-855-279-9559 to discuss your cyber risk management plan. For the majority of businesses, a quote from an agent is available within five minutes, upon answering a few basic questions about your company.