As cyber threats increase, so does the need to protect businesses from potential losses. The number of cyber attacks is on the rise and these security breaches can cost businesses millions of dollars in reparations. Cyber liability insurance is designed to help cover financial losses due to data breaches and other forms of cyber-related damage.
No matter your business size, if you deal with sensitive data, it’s important to know who needs this specialized type of coverage and understand how it works. This includes businesses of all sizes, from small mom-and-pop shops to large corporations. Even if you don’t store customer data on your own servers, you may still be liable for any losses due to a breach.
Below are five common cyber insurance myths we hear from business owners regularly. Unfortunately, many of these myths leave you completely exposed and at risk of losing your business after a cybersecurity incident.
"We are too small, we have no risk"
Many business owners think that they are too small to need cyber liability insurance. However, this is not the case. Cyber criminals don’t discriminate based on size and can target any business regardless of its size. Even if you don’t store customer data on your own servers, you may still be liable for any losses due to a breach.
In fact, small businesses are easier targets for cyber criminals due to the lack of investment in online security and training for their employees. In a recent study from Accenture, 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves. After an attack, many small businesses are unable to open due to financial loss and reputational harm caused by the attack.
"We use a third-party payment processor"
Have you read the contract in full? Often third-party processors may indicate they provide cyber liability protections for the client data used to process payments however embedded in the fine print they may limit their exposure to only notification and reimbursement expenses to targeted victims. But what about your lost income from the inability to process payments, fees, and penalties assessed against you?
In addition to payment data used with third parties, your business may also hold other vital information as it pertains to your customers. Businesses often maintain customer data as it pertains to addresses, dates of birth, and other personal information for marketing purposes. What happens if that information is compromised on your system? That is not information controlled and or covered by any policies provided by third-party processors.
"We have an IT department and backup regularly"
This is an extremely common statement from our prospects prior to understanding the need for cyber liability insurance coverage despite having certain protections in place. Cyber criminals are smart and as ransomware attacks advance, criminals have learned how to outsmart even the best of IT's intentions.
The argument used to be, "if they take control of our system we can just shut down and re-boot from a prior backup". That used to work, but now cyber criminals may infiltrate your system weeks if not months before they announce their presence. So how long ago did they first infiltrate your servers, what have they taken or downloaded, and how far back do you even keep your downloads?
If a breach did occur and you are aware of it, your state may require notification to your clients regardless of your ability to maintain operations. Notification expenses can be very costly, especially if you work with a number of customers from multiple states all with separate notification guidelines. Without a cyber insurance policy, you could be left to cover those notification expenses out of your own pocket.
"We are already covered by our general liability policy"
This is false. In fact, most general liability policies include a cyber liability exclusion as a part of their policy forms. General liability policies are designed to cover physical injuries and property damage, not cyber incidents. Cyber liability insurance is a specialized form of coverage that is designed to protect your business from losses related to data breaches, cyber extortion, privacy violations, and other cyber risks.
It is important to understand the difference between general liability and cyber liability insurance. General liability policies provide protection for claims arising out of bodily injury or property damage caused by the insured’s negligence. Cyber liability insurance provides coverage for claims arising out of a breach in data security or privacy rights.
"It's too expensive"
The most common misconception is that cyber liability is expensive and unaffordable, especially for small businesses. Cyber liability is rated on several risk factors:
- The type of risk or risk profile (i.e your business operations)
- The number of records or type of records kept by your business
- The cyber security networks you already have in place.
Your ability to detect and or prevent a cyber incident as a part of your risk management procedure will be a major factor in pricing your cyber policy. Start now by putting the right procedures and training in place for your employees so that when you review your cyber liability policy options you can provide your insurance broker with a list of cybersecurity practices already in place.
Don't know where to start with purchasing cyber insurance coverage? As a resource to our clients, Insurance for Texans provides clients with access to a free Cyber Vulnerability Assessment. This assessment provides you with a general grade of your current cyber risks. For a comprehensive cyber insurance review of your current insurance policy or if you have questions regarding the purchase of a new cyber policy contact our office.
