We’ve seen various highly publicized cyber breaches on the news lately. Despite all the media coverage and statistics showing an increased risk to fall victim to a cyber breach, many businesses do not have a cyber insurance policy.
The research firm Ovum conducted a study in 2017 for the Silicon Valley analytics firm FICO and found that 50% of US businesses have no cyber insurance. Moreover, 27% of the firms admitted that they have no plans to purchase such a policy, despite the risks.
There are a few reasons those businesses tend to avoid purchasing coverage. One of the biggest, the study found, is distrust of insurance companies.
There are no standardized forms in the cyber liability insurance world. Each carrier’s policy can differ substantially from the others, and the product becomes too complicated for the customer to choose the policy that correctly covers their unique risks.
So, what types of businesses are at risk?
Any company that stores data, whether its customers’ or its own, on internet-connected systems is at risk. Even seemingly unimportant data like employee records needs to be protected. After all, this type of data may contain full names, addresses and other personally identifiable information (PII) that can be used to steal those people’s identities.
While all businesses are at risk if criminals breach their computer security, a firm that accepts payments over the internet is at a higher risk than most.
If you take any payment online in the form of a credit card, you immediately become a target of cyber criminals. After all, that credit card and payment information is exactly what they are after.
PCI DSS, the Payment Card Industry Data Security Standard, was established to protect payment card data. It is a security standard for all businesses that accept and process card payments. While it is not a federal requirement, it is mandated by all major credit card companies and financial institutions. Simply put, if you are not PCI compliant, no financial institution will work with you to process payments from your customers.
How to Mitigate the Risk
Most businesses underestimate the risks they face where their data is concerned. It’s easy to focus on the most visible risk, such as a hacker getting into the system and stealing credit card information. However, every business has its own set of unique risks to consider:
- What if a social engineering technique like phishing was used on an employee and they gave up sensitive data “willingly”?
- What if an employee compromised sensitive data by printing it out and subsequently losing the briefcase containing that critical piece of paper?
- What if an employee had their laptop stolen during a business trip, again compromising very sensitive data they have direct access to?
Just purchasing any cyber liability policy is not enough. For the policy to be a sound investment in protecting your financial stability, fully understanding your cyber risks is essential. Only then will you be able to purchase a policy whose coverages protect you in most scenarios.
The steps to assess your risks include:
- analyzing the business impact of critical systems being down
- assessing your legal liability for disclosure of PII
- assessing your liability as established by your contractual commitments with business partners
A knowledgeable cyber insurance broker, partnered with a premier carrier, will help you assess these risks. They will recommend coverages that fit your particular organization.
Other ways to mitigate risk are:
- staff training, so employees know what to do (and what not to do) in case of a breach
- internal audits ensuring PCI compliance
- a written internal security policy
- periodic review of the security policy to adjust and improve it
Does your business have cyber liability insurance? If not, contact us today to get free cyber security and insurance advice.