The amazing technological advances of today’s modern age has changed our everyday life and especially our business practices. There is not a business out there that does not use a computer at some point in their regular process. We are utterly dependent upon them. Because of this, today’s modern criminal has also adapted. I think of them as “Tech Pirates”. Just like back in the days of old, on the high seas, pirates attacked a ship, breached security, stole everything they could, and often held hostage the ship, crew, and anyone else on board. Their goal was profit. Today, Tech Pirates attack us at home and at work, and They are VERY good at it. Billions of dollars are stolen every year through cyber-attacks and data breach.
As a business owner, you are legally responsible for any information obtained from your systems or network about your customers, clients, and employees. My goal in this article is to give you some of the basics of cyber liability. I will briefly tell you what it is, how it occurs, what you can do to help prevent it, and most important what to do when it happens to your business.
What is Cyber Liability?
Cyber Liability is the actual liability associated for a business after a cyber-attack or data breach has occurred. Before we go any further, let me ask you a few questions about your business.
- Do you use the internet?
- Do you process credit card transactions?
- Do you store any personally identifiable information about your clients or employees?
- Do you have a wireless network in your office?
- Do you use any storage systems, such as “The Cloud”?
- Do any 3rd party vendors have access to your system?
- Do you or your employees use laptops, smart phones, or tablets that store information or access your network?
If you answered yes to any of these questions, then your business is at risk for a cyber-attack and data breach.
What is a cyber-attack and data breach?
A cyber-attack and data breach is an incident in which sensitive, protected, or confidential information or data is transmitted, viewed, stolen, or used by an unauthorized individual (pirate). A data breach may involve financial information such as credit card or banking details, Personally Identifiable Information (PII), internal communications, emails, trade secrets or intellectual property, and cyber extortion.
How does a cyber-attack or data breach happen?
The most common attacks come from a computer virus or Malware, phishing, fake emails that look real, fake websites that mirror real websites, attachments to emails, and pop up banners, ads, or gossip. These examples are from outside your business, but there is still a large risk within your business. Human error can lead to these as well. Accidental disclosure of information, such as an incorrect email address, is surprisingly prevalent. Another cause is a dishonest employee or disgruntled former employee. Look at what recently happened with Wells Fargo.
In 2015, the leading cause was lost or stolen devices such as laptops, cell phones, and tablets. For 2016, so far the #1 is Malware viruses. Some famous examples of cyber-attack and data breach are:
• Target – 110 million customers exposed by 3rd party phishing
• Home Depot – 56 million credit cards at risk due to Malware
• Sony – Malware virus
• Wells Fargo – Dishonest employees
Today 60-70% of all attacks are on small businesses. Why? Because they are EASY! The largest misconception is that they think they are too small to be at risk because Tech Pirates would not bother with them. That is not the case. Most small businesses do not have the security of a big business. Most set up their own networks and systems and lack the proper security measures. A small business may be a step to a big business such as the case with Home Depot. The access started with a 3rd party A/C vendor that had access to home depot’s network.
Now that we have confirmed how and why you are at risk, lets discuss how you can help prevent it.
- Update anti-virus software. Set it to “auto update”.
- Use strong passwords (numbers, symbols, and sentences).
- Control access to computers – create user accounts.
- Teach your employees the basics of internet security.
- Two step authentication needs to be mandatory for funds transfers, etc.
- When in doubt, throw it out”. Delete suspicious emails, links, etc.
Cyber Liability Insurance Coverage
Every business has a General Liability policy. Cyber Liability is NOT covered on your GL policy. You are legally and financially responsible for any cyber breach that occurs from your business. The absolute best way to protect your company is with a Cyber Liability Insurance Coverage Policy (CLIC). A CLIC can do the following:
- Cover damages associated with PII exposure
- Provide computer security services in the event of a breach
- Legal notifications – which are required by law
- Set up a call center for victims
- Credit monitoring and restoration services for victims
- Public relations crisis management
- A good policy will send a “Breach Coach” to your office and manage all of this with you.
- These policies can also cover business interruption, business equipment, cyber extortion, and data loss.
Surprisingly, these policies are not that expensive. They start at around $1,000 per year depending on the type of business. That is $2.75 a day! A policy like this can save you millions in damages and expenses. It can mean whether or not your company remains in business or has to shut down. Most small businesses will not recover after a data breach.
In 2016, Cyber Liability is the #1 threat to businesses. The reality is: “There are only two types of companies; those who have been hacked and those that will be” – Former FBI Director, Robert Mueller.
If you would like any more information on Cyber Liability, please contact Joseph Dominguez from Dunham Insurance.
2601 E Oakland park Blvd. #303
Fort Lauderdale, FL 33306
Written by Joseph Dominguez – Vice President of Dunham Insurance