We’ve all heard of the data breaches that have affected government organizations and large businesses in the US. Although the large data breach is what makes the “News,” small and medium-size businesses are being targeted as well. It seems now that it’s not a matter of “if” but a matter of “when.”
There’s bad news and there’s worse news concerning data breaches for businesses across America. According to a report published by Property Casualty 360, small-business cyber attacks are on the rise:
Also, considering that reporting a data breach can lead to a damaged reputation, the National Conference of State Legislatures has determined that many businesses fail to report data-breach events out of fear of significant loss of business. Fortunately, insurance carriers have responded to the peril of data-breach by developing comprehensive Cyber Liability policies that will act as a financial parachute for victimized businesses.
To be clear, cyber liability insurance will not prevent someone from hacking into your system, but it will, however, pay for the significant financial losses that result from a data breach.
The International Risk Management Institute (IRMI), defines cyber liability as an insurance policy designed to provide coverage for consumers of technology services or products. The coverage is intended to cover liability and property losses that result when a business engages in various electronic activities, like selling on the internet or collecting data within its internal electronic network. In other words, any business or organization connected to the internet is at risk of cyber attacks that could result in a data breach and there are various bad actors that may be culpable:
Cyber liability provides financial coverage for expenses related to a data breach. These expenses can accumulate rapidly once a data breach is discovered and reported.
A comprehensive Cyber Liability policy will cover first-party costs and third party costs in the event of a data breach. First party expenses are the result of damage to your data and any affected systems. Third-party expenses result from your liability for customers who may be financially affected by a data breach. An example of a data-breach to a small business is described as:
Jeff owns a high-end bike shop in Miami Beach. One morning he received a call from a vendor who advised that their systems had been exposed to a data breach and that they wanted to provide notice to his business.
Since Jeff stores sensitive customer data on his hard drive, Jeff immediately calls a data security consultant to examine his system to see if his business was affected. After examining Jeff’s computer system, the consultant advised that since Jeff’s system was continually connected to his vendor’s system, all of his data were exposed during the attack on the vendor.
Jeff immediately notified his customer base and the appropriate authorities that a data breach was discovered by a security consultant. Jeff then notified his insurance carrier where he had purchased a cyber liability policy the previous year.
Jeff’s exposure after totaling all of the expenses associated with the data-breach was over $1.5 million along with resulting defense costs of several lawsuits brought by customers of $750,000. Since his cyber liability limit was $5 million, Jeff had no out-of-pocket expenses as a result of the data breach.
Your cost for comprehensive cyber liability insurance will depend on various underwriting factors that allow the insurer to determine your potential risk. These underwriting factors include your type of business (some are targeted more than others), the number of transactions each year, what information you collect, the number of computers or devices, and the type of security you have implemented.
A typical example of insurance costs for the following high target small businesses is as follows:
Although your cost of cyber liability will depend primarily on your type of business, annual revenue, and the limit of liability you select, you can expect to pay from $750 on the low end and up to $8,000 on the high end. These estimates are for small businesses. Mid-size and large businesses will typically pay many times these amounts because of the exposure to the insurer.
Small business owners who are considered top targets for cyber attacks and data breach are those that are in healthcare, financial services, insurance services, technology services, online retailers, and online service companies.
The most important thing to remember about cyber liability risk is fairly straightforward; if your business is connected to the internet anytime during the day, your business is at risk of cyber attack and data-breach!
Prices range from $750 to $8,000 and also vary depending on your zipcode: