There are all kinds of terms to describe the same exposure including Cyber Liability, Privacy Liability, Security, Privacy liability, Data Breach, Network Security, and Cyber Security Insurance to name a few. All of these names focus on your exposure to a data breach. A data breach can occur when personally identifiable information is compromised by hackers, a faulty transaction, malfunctioning technology, simple human error and even lost or improperly disposed data. The effect of a data breach on your small business could be devastating. You will have to pay to notify the affected individuals as well as the potential expenses arising from credit monitoring, identity theft resolution, analysis into how the data breach occurred and any steps needed to avoid another occurrence. These costs can be heavy and time consuming to identify. Security and Privacy Liability Insurance, also known as Cyber liability protects businesses in the event of a costly data breach.
You will be hacked, it is not a matter of if, but when. Data breaches occur every day. While hacking incidents are the most recognizable and expensive cause of data loss, they are not the most common. It’s a startling fact – simple human error accounts for three out of four incidents.
of the data breach cases are from people making mistakes, such as losing laptops and flash drives
are malicious and criminal attacks
are system glitches, such as software updates, which inadvertently expose sensitive private files
No matter the sophistication of the security system, there is little that can be done to eliminate the risk of human error. A common, accidental breach is a real business risk worth considering today.
- Claims for failure to protect information, expense of legally required notifications and credit monitoring to those whose information is exposed, forensic expense to find out and resolve what happened, public relations expense to maintain business reputation, regulatory and payment card industry fines and hacker extortion demands.
- Small business owners have gone out of business due to identity thieves impersonating their business and personal name leading to loan defaults, inability to access credit and loss of business reputation.
- Federal government regulations such as HIPAA, HITECH, and Gramm-Leach as well as forty-seven individual states have all created legislation protecting personal information of individuals. These laws outline a business' responsibilities after a breach, regulatory requirements not to mention the possibility of lawsuits.
- The average cost per record to a business from a data breach is $194.
- Businesses that accept credit cards or debit cards may be subject to fines and penalties for violations of the Payment Card Industries Data Security Standards (PCI DSS).
- Claims arising from activity on your website are likely not covered under your General Liability if it concerns intellectual property or activity in a chat room or bulletin board, including social media.
- The Federal Trade Commission estimates that the average time spent resolving a single identity theft is 400 hours. A business owner or partner or board member cannot properly manage their business while resolving an identity theft
- If the personal credit of a business owner is ruined from an identity theft, that owner may lose the ability to access loans essential to the operation of that business.
The Internet has spun a whole new web of liability exposures. E-commerce, social networking, cloud storage, and other technologies bring great benefits to large and small businesses alike. But with these benefits also come challenges, including protection of privacy, data, and financial information of your customers. If this information is lost, stolen, or compromised, your company is at risk. In fact, you may even be required by law to alert those impacted by the breach and to pay for any financial loss incurred.
Cyber liability coverage offers protection due to unauthorized access of electronic data or software within your network. It also provides coverage for spreading a virus, computer theft, extortion, or any unintentional act, mistake, error, or omission made by an employee. This coverage is quickly becoming more and more important as you embrace technology to help run your business.
If your company is faced with a data breach or cyber-attack, you may be forced to cover breach-related expenses such as crisis management, hiring a public relations firm to manage a data breach incident, costs associated with forensic analysis, the cost of repairing and restoring computer systems if there is a virus that destroys business software and data, and the loss of business income resulting from a data breach.
First-party coverage will insure your business for losses to your own data or lost income or for other harm to your business resulting from a data breach or cyber-attack. This coverage will pay you for things like business interruption, the cost of notifying customers of a breach, and even the expense of hiring a public relations firm to repair any damage done to your image as a result of a cyber-attack. Having this funding available in the event of a crippling hack can keep the lights on till you’re able to resume your normal business operations.
What would you do if an email virus impacted the operation of your database and prevented you from serving clients for a day or more? Or what if a hacker or cyber-criminal caused a system outage or extended downtime, leaving your business inoperable? These and other events can destroy your ability to serve clients and bring in revenue, which can have a major long-term impact on the viability of your business.
Business interruption insurance compensates you for lost income if your company cannot operate as normal due to disaster-related damage that is covered under your commercial property insurance policy, such as data breach or cyber-attack. Business income insurance covers the revenue you would have earned, based on your financial records, had the disaster not occurred. The policy also covers operating expenses, like electricity, that continue even though business activities have come to a temporary halt.
If your business handles sensitive customer data (such as email lists, credit card records or other files), data breaches pose a serious threat to your financial stability. A lawsuit resulting from a data breach means your business is responsible for paying legal fees, court-ordered judgments or settlements and other court-related costs.
Third-party coverage protects you in the event of a lawsuit brought by a customer or partner for a data breach that your business' actions or negligence allowed.
If your business experiences a data breach or violation of confidential information during regular business operations, you may be found in violation of privacy laws and be required to pay fines for the violations or other regulatory issues.
You may be eligible for regulatory claim coverage which would offer protection in response to proceedings related to disclosure laws and other governmental actions that can result in defense costs, fines and/or penalties. Coverage does vary and may be restricted by local law.
If hackers gain control of critical systems, they may demand a ransom be paid to avoid additional consequences. Sometimes these can be empty threats, but it’s impossible to know for sure. Paying the ransom can be costly. Taking a chance by choosing not to pay can sometimes put a company out of business.
Coverage for ransom and cyber extortion can be included in cyber liability policies and can help cover the cost of ransom to regain control of network systems. This is often not included in a standard policy, may include a separate sublimit and deductible, and may require adherence to certain conditions set forth by the insurer.