Is your firm at risk for a cyber attack?  The answer may surprise you.  Attacks against all businesses are increasing, and though smaller companies may assume they won’t be targeted, Symantec’s 2016 Internet Security Threat Report found that 43% of all attacks in 2015 were against small businesses.  You can’t entirely prevent an attack, but you can protect your company by purchasing cyber insurance.  Here are a few things to consider.

What is cyber insurance?

Cyber insurance, also called cyber risk or cyber liability insurance, is designed to help companies limit risk and protect their assets after a cyber-related security breach.

Is cyber insurance the same thing as errors and omissions insurance?

No.  Cyber insurance is related to, though not equivalent to, technology errors and omissions (E & O) insurance.  E & O insurance covers claims arising from the performance of your products and services, but doesn’t necessarily include losses due to data or security breaches.

What does cyber insurance cover?

Some common first-party reimbursable expenses include a forensic investigation of the breach, monetary losses due to network downtime or business interruption, and credit monitoring of affected clients.  Common third-party costs include legal defense, settlement and damages related to the breach, regulatory fines and penalties, and cyber extortion through ransomware.

How do I choose a cyber insurance provider?

Though cyber insurance coverage is becoming increasingly popular, not all insurance companies offer it at this time.  Begin by contacting your current insurance broker to find out if it’s currently available to you.  If you are choosing among several quotes, remember that language used to describe cyber insurance can differ from provider to provider, so pay careful attention to key variables.  For each quote, determine:

  • What is the deductible?
  • If outside investigators are needed, what vendors may I choose from?
  • Does this include extra coverage (cyber extortion, loss of intellectual property)?
  • Are there exclusions?
  • Does it cover prior acts (if hackers breached your network before the policy was purchased)?

What is required of me?

The cyber insurance application will require gathering a large amount of information, and may involve cooperation between your IT, Accounting, and Legal departments.  You should expect to provide information regarding your technology use, data encryption, security procedures, client and vendor contracts, employee training, and internal and external auditing procedures.  This will demonstrate to insurance providers your ability to detect and respond to a potential breach.  This will also help your firm assess its level of risk and determine how much coverage is necessary. 

As we’ve seen in recent headlines, businesses are increasingly under threat of a confidential data breach.  We recommend that your firm discuss and create a cyber response plan among relevant departments, and consider adding cyber insurance to your existing coverage.

If you have any questions about cyber liability coverage or other risk management or insurance issues, call us at 864-327-5000.  We would be glad to help you.