Every organization today is at risk for some variation of a cyber attack. As technology becomes more complex and sophisticated, so does the need for businesses to keep themselves and their customers safe from a cyberattack. What does this mean? It means that every business plan needs to include a cyber threat analysis and a plan for what happens when cybersecurity is at risk.
It can’t happen to me….
Long gone are the days when you could sit back and say it won’t happen to me; what you should be saying is: When it happens are we prepared? Cyber threats are changing by the minute, and your protection needs to be ever-changing as well. Consider these facts.
- 43% of cyber attacks target small businesses under 50 employees
- 60% of small businesses close their doors within 6 months following a cyber attack
- There is a hacker attack every 39 seconds, affecting 1 in 3 Americans every year
- 95% of cybersecurity breaches are due to human error
- Only 38% of global organizations claim they are prepared to handle a sophisticated cyber attack
- Total cost for cybercrime committed globally totaled over $1 TRILLION dollars in 2018
What does Cyber Liability Insurance cover?
The goal of cyber insurance is to transfer some of the risk of a security breach to insurance. Cyber insurance can’t stop data breaches or cyber attacks from happening, but it can help you prepare for an attack and respond when it occurs.
- Risk analysis and security score
- Breach notification to customers
- Credit card monitoring services
- Costs to retain a public relations consultant to help restore your reputation
- Consulting and forensic fees to identify and resolve the cause of a data breach
- Defense and settlement costs if you are sued for alleged failure to prevent unauthorized access to, or use of, personal information
What else can we do to minimize risk for a cyber attack?
Cyber insurance can be helpful, but it should not be a substitute for having proper security policies, training, testing, and education of your employees. This should include a cyber risk strategy that reviews the value of the data, type of data, and exposure to the data. Consider the scenarios below – they may be preventable if employees handling your data are vigilant and understand the risk associated with actions.
- An employee mistakenly sends a batch of personnel files to the wrong email address
- A credit card company calls to inform you that credit cards used at your business were compromised through your point of sale system
- While on business or vacation travel you lose your cell phone or laptop, which has sensitive customer information stored in your email’s Inbox
Claim Costs…
-Exhibit A- | -Exhibit B- | -Exhibit C- | |
Type of Attack | Cloud Hack | Online Ordering Shutdown | Phishing Email |
Company Profile | Construction Company with Offices Nationwide | Clothing & Accessories Manufacturer | Medical Group |
Estimated Total Costs | $862,775 | $10,797,600 | $590,000 |
For most businesses the quick answer is yes, let’s purchase cyber insurance. However, it’s important that you also take proactive measures to ensure proper security policies are in place and that tools such as endpoint security software are up-to-date to help minimize risk. In the event that a cyber attack does occur and you need to file for insurance, you will need to prove that your company did everything possible to prevent the attack.