Data breaches are an intimidating fact of life for businesses big and small. Being a victim of one can not only have embarrassing consequences, but it can hurt an establishment’s credibility, which in turn means less business.
Just this month, Web.com, Yahoo and Bed Bath & Beyond disclosed that they were hit by cyber-attacks that compromised sensitive customer information. Even social media giant Facebook has taken a hit over the hundreds of thousands of users who had their personal information leaked to Cambridge Analytica’s Strategic Communication Laboratories through a third-party app that posed as a personality quiz.
"We didn't take a broad enough view of our responsibility, and that was a big mistake," Facebook CEO Mark Zuckerberg said during a 2018 hearing on Capitol Hill.
Businesses have taken notice of these online threats and have increasingly sought out cyber insurance to protect digital files and databases. A report from insurance broking and risk management company Marsh revealed that U.S. clients buying cyber insurance has doubled, from 19 percent in 2014 to 38 percent in 2018.
“It’s a pretty new form of insurance. In the last 10 years, it’s really been more prevalent,” Robert Morris, president and broker at Rampart Insurance Services explained to FOX Business.
He added, “We’re seeing an increase every year in excess of 30 percent of our clientele are buying cyber insurance.”
Regarding what cyber insurance actually is, Morris said the following:
“Cyber insurance is a product that you buy and a policy is issued by an insurance carrier that’s pretty much based on the risks inherent in the use of the internet. It’s also related to information technology. So, for example if there is fishing and hacking or phony bank alerts, suspicious phone calls, stolen wired money to identity theft – it all falls under cyber.”
Having a policy that covers cybercrime allows an insurance company to assist with payouts for the restoration of stolen services, credit monitoring for clients, notifying affected individuals, state penalties, record consolidation and public relations hiring.
Diane McNally, senior vice president and principal of Segal Select Insurance told FOX Business that cyber insurance can be coupled with liability insurance for full-fledged protection.
“The value of cyber insurance is to provide coverage that can help pay for the expenses associated with discovering and rectifying a potential incident or actual attack, along with liability insurance for costs associated in defending your firm and employees if your company gets sued as a result of a cyber-breach,” she explained.
“When a breach is not directly caused by the company, but by one of its third-party vendors, it can have a ripple effect no matter how small or large your company size,” McNally pointed out. “There are increasing numbers of breached healthcare records where a vendor’s breach impacted their clients’ information due to hacking or IT Incidents.”
One such example she cited can be found on the Office for Civil Rights website. There, users can see an active list of all the reported healthcare providers under investigation for having cyber breaches. Through this portal, it can be seen that hundreds of thousands of Americans have had their information compromised.
Although cyber insurance policies can provide an assortment of services that prevent or proactively repair the damage done by cyber-attacks, it’s not as expensive as some would think. Morris said cyber insurance policies start for "as little as a $1,000 and on up.”
He noted that the cost will go up incrementally depending on how big a business is. There are also more requirements for larger IT departments or firms.
Any business that is new to cyber insurance, Morris advises them to meet with a knowledgeable broker who can go through a policy line-by-line to avoid dissatisfying exclusions.
For some independent business owners, cyber insurance may not be a top priority purchase. Industry experts believe to be a mistake, however.
“It’s not a matter of if, but when a hacker will attack. When a hacker perceives an organization does not have sufficiently sophisticated systems they are likely to strike —again and again,” McNally warned.
A smaller-scale business can be significantly hurt or risk bankruptcy if legal action is pursued and there are not enough funds to cover the cost of litigation.
“How a company responds in handling a cyber-attack makes all the difference to the financial impact, and the toll it takes on the organization's brand,” McNally said. “In some cases, businesses [have] suffered severe repercussions and had to lay off employees.”
McNally referenced a ransomware attack that took place in May against the City of Baltimore. According to a report from The Baltimore Sun earlier this month, the city purchased $20 million in cyber insurance to cover potential disruptions in local networks over the next year.
In her own words, “The perils of not having cyber insurance in place, or delaying the purchase, can prove to be even more costly than buying it in the first place.”