Cyber Security Insurance: Does Your Company Need It?

“Cybersecurity – A Special Report”…with newspaper headlines like this in the The Washington Post, cyber security is THE hot topic.  If your company uses a computer, credit card, checking account, files a tax return, employs smart phones, or uses iPads, your business is a target for losing intellectual property or becoming the vehicle for a cyber attack — with a huge financial loss as the result.

For individuals the theft or misuse of private information occurs daily.  Signals stolen while using public internet, misplaced cell phones, fishing attacks on home computers, and theft of personal computers happen throughout our society and result in long-term financial crisis.

Small Business owners face even greater obstacles from cyber attacks.  A recent National Small Business Association reported 44% of their 800 surveyed members had fallen victim to a digital break-in.  What are the steps we can take to help thwart these information criminals?  Solutions for both companies and individual citizens are very similar.

All business firms using the internet must have a strong risk management plan established and adhere to the rules in order to lessen the impact of cyber theft.  With the growth of cloud computing, use of smart phones and tablets, employees telecommuting, and digital information flowing outside the office, cyber attackers have many more access points.  The Federal Communication Commission (FCC) lays out guidelines to prevent cyber attacks.  Among their suggestions are:

• Train employees in security principles.  Use strong passwords with expiration dates.
• Protect information, computers and networks from cyber attacks.  Install fire wall security, the latest security software and web browsers.
• Create a mobile device action plan.  Password protect devices, encrypt data, and install security apps and how to report lost or stolen equipment.
• Make copies of all important data.  Store offsite or in the cloud.
• Passwords and authentication.  Require unique passwords and change every three months.

Many businesses have the additional exposure of outsourcing data.  Many businesses share customer information with third parties who provide billing, payroll, and employee benefits.  Additionally, web hosting, HR services, and information technology services are frequently outsourced.  Despite this outsourcing exposure many businesses do not require third parties to cover costs associated with data breach in their contacts.  When using outside partners, what is the risk-management strategy they use to protect you against financial loss and reputation harm?

Because of the explosion in internet usage many companies are seeking contractual risk transfer and indemnification through insurance.  Starting in the early 1990’s insurance has changed to provide protection for cyber growth.  Today numerous insurance companies either provide stand-alone policies or add the protection with other coverages, such as Directors & Officers policies (D&O), Errors & Omission Policies (E&O), and Fiduciary Liability policies. An E&O policy is a type of professional liability typically issued to companies setting standards for them selves or other clients.  D&O liability coverage is designed to protect companies against their management decisions and covers directors, officers, staff and the organization itself.

Cyber Liability Policies should provide protection for both First Party and Third Party Claims.

First Party coverage includes:

• Network and Information Security Liability
• Communication and Media Liability
• Regulatory Defense Exposure

Third Party coverage includes:

• Crisis Management Event Exposures
• Security Breach Remediation and Notification Expenses
• Computer Program and Electronic Data Restoration Expenses
• Computer Fraud
• Funds Transfer Fraud
• E-Commerce Extortion
• Business Interruption and Additional Expenses

Cyber Insurance helps before the loss occurs by going through a thorough underwriting process to help highlight the potential risk exposures to be addressed.  Nevertheless, should the loss occur these policies help in determining the data leak, PR crisis, IT crisis, and the financial crisis.

The recommendation to combat today’s cyber threat involves risk management planning, assistance from third party partners, and insurance coverage to assist should a loss occur. For more cyber security tips, visit www.US-CERT.com. Learn about the FCC’s Small Business Cyber Planner here.

Mary Jordan, “CYBERSECURITY – A Special Report,” The Washington Post, Thursday, October 10, 2013

Mr. P. Allen Haney is a Strategic Advisor to the Government Technology & Services Coalition. He is also a trusted advisor to business owners and nonprofit executives, Allen Haney is best known for solving problems. His consul on employee benefits, executive compensation, and retirement planning routinely vitalizes the health and sustainability of closely held businesses and associations.

He is most appreciated for his all-inclusive, uncompromising commitment to expand client capacity by uncovering risks and opportunities hidden in blind spots. Read more about Mr. Haney here.