Your Business’s Data Protection and Cyber Risk

June 30, 2015

risk of cyber attack

image courtesy of Stuart Miles

Do you need cyber liability insurance?

As you can tell from our last post on your risk of a cyber attack, the insurance industry is starting to see real life claims for cyber security breaches and lost data. So who needs cyber liability coverage? If you are a business that collects or handles confidential information, or you just have a computer system, you should look into it.

Healthcare, small/medium business, education, IT companies, the list goes on. Anyone who takes credit cards, has employee information, or even considers its data valuable needs cyber insurance. Not only do you have liability exposures, but your client list is probably one of your most valuable assets. It’s property that would cause great harm to your bottom line if lost.

Plus, there’s been a lot of data sharing as companies connect to vendors. This loss of control makes it much easier for hackers to get at the info. And importantly, it also means that just because you hire a vendor to, for example, process your customers’ credit card payments and you are not liable for a breach…you still may be sued.

This means that when you hire a third party to handle your credit card, health records, or email marketing you must do your due diligence on the third party to make sure they have the proper controls in place.

The Cost of a Cyber Attack on Your Business

Add all of this up and you’ll find that Main Street companies are starting to realize they have an exposure to cyber loss. And it’s here that companies are least able to absorb the losses themselves.

The costs could be reconstructing lost data. Or providing notification to customers. This can run into the millions of dollars as you pay to let all the customers whose info was breached know about the incident. And you may have to pay for credit monitoring for a time after the breach for every compromised customer.

There are also regulatory requirements. In New York State you must comply with the NYS Information Security Breach and Notification Act. This law states that any business in New York who owns or licenses computerized data that includes private information must disclose any breach of the data to New York residents.

They must also notify the NYS Attorney General, the NYS Division of State Police, and the Department of State’s Division of Consumer Protection.

(Find more at the State of New York website here.)

But what about your Commercial General Liability policy? The problem is that your General Liability policy covers bodily injury and property damage losses. A cyber loss causes financial and privacy loss, not bodily injury or property damage.

So What Does a Data Breach Actually Look Like?

First off, it’s usually either a malicious attack or an internal mistake. (See our last post for examples of both.) It could be a Payment Card Industry (PCI) claim or personal information claim where names, dates of birth, and social security numbers are breached. (And, interestingly, according to the experts, cyber attacks happen most often on a Friday night.)

It’s not just data breaches to worry about. If your technology doesn’t work it can cause an interruption in your business. The assembly line doesn’t move or the webinar can’t go on. As you’ll see in our next post, your Cyber Insurance policy can take care of this, too.

It all seems pretty daunting, but don’t worry. Next week we’ll talk about the Cyber Liability Insurance policy and how you can protect yourself.

Until next time,

Your SZW Team

Scalzo, Zogby & Wittig, Inc. is your New Hartford area independent insurance agent. Call us for a quote on insurance for your home, car, business, or life at 315.792.0000.