What is Cyber Liability?
Cyber Liability can seem confusing and overwhelming, but in reality, it boils down to a very simple concept:
If you require customers to provide their personal information in the course of doing business, you then become liable to protect that information from anyone.
It becomes easier once we break down two words from above:
Information: This can be interpreted as anything that can identify an indivdual. The most common examples are Credit Cards, Social Security Numbers, and Health Records. It also can extend to e-mail addresses, driver’s license numbers, and personal passwords.
Anyone: This is where things can get tricky. Most identify “anyone” to be hackers. In reality, “anyone” means anyone. This can be rogue employees that steal information, hackers that break into your systems, or employees accidentally releasing this information via paper or digitally to the general public.
Basically, any information about a person collected while doing business can create a liability for you and your business.
Can you identify some major exposures your business might have?
Here are two examples of Cyber Liability that do not involve a hacker:
- A school wanted to update their summer reading list for the students prior to Fall classes. They asked the administrator to copy and post information from an excel file to the postcards and mail them to all of the students. The administrator did exactly that, but not realizing that each student’s social security number was included and sent out to the public.
- Two siblings inherited a small tax accounting business from their father. Since neither were involved in this industry, they decided to close the doors and clean up. They dumped all of the paper files into the outside garabge bin without shredding them. Someone was able to stumble upon this personal information.
What does “liability” really mean?
- If customer’s personal information is lost or stolen, it now means that your company can be sued by those customers for losing their information. The amount of the suit will vary depending on the type of personal information and volume of customers impacted
- If credit card numbers are involved, your business will face legal action for all of the fraudulent charges racked up by the credit card companies. Consumers are not being held responsible for fraudulent charges but rather the credit card companies are suing the businesses that are at fault of the breach.
- Lastly, your business can face fines and penalties for negligence from regulatory bodies.
Is there insurance available to protect my business? YES!
There is good and bad news when discussing Cyber Liability insurance:
- Good News: There are insurance policies today that protect exactly for the risks mentioned above, and so much more! Coverage now includes protection for 1st party claims. These are losses that directly affect the insured, such as:
Cyber Extortion: This is when your business network is held for ransom by a hacker. Hackers that gain entry into your systems can encrypt all of your files and promise to release them once you make payment to their account.
Social Engineering: Someone is able to gain access to your network and trick accounting or upper management to transfer money to different accounts. Most common is an e-mail from the owner of a company is sent to accounting, demanding a wire transfer immediately to a new bank account.
Public Relations: Costs associated with restoring a business’ image within the community based on the impact of a data breach.
Customer Notification/Credit Monitoring: Almost every state has a specific law that deals with losing personal information. You must notify by the rules of the state the customer lives in, not just by the state your business resides in. This can be very costly and is usual packaged with offering free credit monitoring to the customers that were affected.
Data Recovery/Forensic Costs: In the event that your business data has been destroyed or a breach has occurred, the insurance will hire a Computer Forensic Specialist to retrieve your lost/damaged data as well as determine the effects of the breach to your systems.
- Bad News: BEWARE! Cyber insurance is relatively new and quickly evolving. No two companies are offering the exact same products, and most companies are including limitations on coverage or limits themselves. You should have your Cyber Insurance reviewed annually as the market continues to offer new insuring agreements. A policy written 3 years ago might be obsolete compared to today.
If you are looking to purchase Cyber Insurance it would be best to find someone that is well versed in the industry. I would seek for an agent that can easily describe each insuring agreement, compare them to other markets, and be able to explain your personal exposures specific to your industry.
If your business is based in Michigan and you would like a consultation on how I can help you with your specific needs, please contact me, Taras Shalay, directly at 586-344-1982 or at my office 248-853-0930 ext. 1152. I represent Allied Insurance Managers, our website is https://alliedinsmgr.com/,