BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Why You Need Cyber Liability Insurance

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 20 Jan 2014 18:09:26 -0700
http://smallbusiness.yahoo.com/advisor/why-cyber-liability-insurance-174046460.html

Cyber hacking is big business, and no one is safe. Not individuals, not
small businesses and not large corporations. All of your data including the
names of your customers, their contact information and the social security
numbers of your employees are valuable information to a cyber-hacker.
Unfortunately, your business and standard property insurance does not cover
your most important asset, but cyber liability insurance does.

Even a business interruption insurance policy will not come to your rescue
if your systems fail because of a malicious employee, computer virus or a
hack attack. Identity theft, telephone hacking and phishing scams are very
real possibilities and not covered by traditional business interruption
policies. Cyber insurance will cover for loss of profits because of a
system outage that is caused by a non-physical peril such as a virus or
attack.

You can be held liable if you lose your third party data. You may offer
non-disclosure agreements and commercial contracts that contain warranties
about security. If your data is breached, you could have expensive damage
claims. There are severe penalties for losing credit card data. Merchant
service agreements mean that you will be responsible for the expenses of
forensic investigations, credit card reissuance costs and the fraud
conducted on the stolen cards. Cyber insurance will protect you against
most of these expenses that could run into hundreds of thousands of dollars.

In the U.S., most states have breach notification laws, and other countries
are following suit. To comply with these laws takes time and money in the
event sensitive personal date is lost. Written notification needs to be
sent to those individuals who have been affected. Even if there is no law
yet, a reputable company that protects its brand will provide breach
notification. Cyber insurance could also cover regulatory fines or
penalties.

Social media sites expose information at light-speed with little control.
Your business site as well as your employee’s activity on these sites can
trigger liability, if your business is responsible for the sites.
Defamatory statements, leaked information and copyright infringement can
all be covered with a cyber insurance policy. It may also cover the cost of
a public relations firm to repair any damage done to your brand. It is
becoming more and more likely that your business reputation will suffer
from a cyber security breach. Losing the trust of your customers can be
much more damaging than the financial loss you will incur to repair the
effects of the breach.

When you look into cyber insurance, make sure all instruments are covered
including laptops and mobile phones. Portable devices make it much easier
to store and lose information. For example, a missing USB stick, a stolen
iPad or a laptop left in a taxi are all real possibilities and, for a
hacker, a goldmine. There are viruses being built just to attack mobile
devices. Cyber insurance will cover stolen, lost or virus infested mobile
devices. You can work with your insurance provider to integrate cyber
liability insurance with your regular business insurance and employment
liability policy.

A good insurance carrier will help you with risk management. It is in their
best interest to make sure you have all the protection in place that is
possible. They can make sure a firewall in in place to protect the network
and help you select social media policies that reduce risk. Even if your
data is stored in the cloud, you are still liable for breach. You cannot
control how a cloud provider handles your data, and they do make mistakes.
Your cyber insurance will protect you from this.

Large corporations may have risk management budgets, but small companies
usually don’t. They may not have the financial means to not only pay for
the fees and lawsuits that come with privacy breach or data loss, but also
to stay afloat throughout the process. Most hack attacks target businesses
with less than 250 employees.

Cyber liability insurance has been available for about 10 years. However,
it is very rarely purchased. The data and information of a business is
worth much more than the equipment on which it is stored. This will change
as insurance companies understand the risk responsibilities and consumers
understand the risk transfer benefits.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: