Welcome to the new age... the digital age! Where data breaches are embedded in our lives and there's no escape. They're so common it's almost expected.
But as a business owner, have you ever considered the costs you'd incur to recover from a breach? They're astronomical. They're enough to jeopardize the solvency of any business - regardless of industry.
According to a study conducted by the Ponemon Institute in 2014, the average cost of an attack on a small company with less than 100 employees is a whopping $3.5 million.
The fact is, liability for a data breach will subject a company to unexpected costs, resulting in a loss of revenue. What this figure does not represent is the loss of income the business suffers, the negative effects on the brand and reputation, and the impact to client loyalty.
And these losses may far exceed the cost of the data breach.
So, unless your business is equipped with substantial cash reserves to fund a data breach, as well as significant resources to conduct damage control, and forensic expertise to identify the cause of the breach, you may want to consider investing in a Cyber Liability Insurance policy.
Have you thought about Cyber Insurance, and whether it’s right for your business?
One of the most dangerous and costly mistakes we see business owners make is operating under the false assumption that a data breach won’t happen to them
Consider for a moment, these 5 consequences you're likely to suffer if a breach occurred:
1. Your Commercial General Liability policy won’t cover the attack.
One of the best ways to protect the assets of your business is to carry adequate Commercial General Liability (CGL) Insurance, but it’s not enough in this digital age.
A CGL policy protects your business from damages caused by bodily injury or property damage for which your business is found to be legally liable.
CGL is usually triggered in the event of a loss where you or your employees cause bodily injury to someone, or damage someone’s property.
This leads many business owners to assume that an additional endorsement or stand-alone policy to cover a cyber attack or data breach isn’t necessary. However, assumptions like that can be dangerous and costly, as the CGL policy specifically exclude electronic data.
Imagine experiencing a cyber-attack, calling your insurance agent to notify them of the breach and you hear, “a cyber-attack is not covered by your CGL policy…”
You have no coverage and no idea how to navigate your way through the process of recovering.
Take the time to review your current coverage and identify any exclusions that might leave you vulnerable. The level of cyber liability coverage your business needs is based on your individual operations, and the cost for coverage can vary widely depending on your range of exposure (some policies are as little as $500 per year).
It‘s important to work with an Insurance Advisor who can identify your areas of risk, and then tailor a policy to fit your unique situation.
2. The cost of the attack is devastating.
With the average cost of an attack on a small company being $3.5 million, it’s no wonder so many businesses are unable to survive.
If you’ve looked into a Cyber Liability Insurance policy in the past and thought it was too expensive, imagine being on the hook for $3.5 million!
And expenses add up quickly.
Forensic examiners may need to be hired, as well as lawyers, security consultants and public relations firms.
Let's not forget the expense of credit monitoring that companies need to provide to their affected customers.
It’s difficult, and expensive, to figure out what happened, how it happened, when it happened and where you go from here to prevent it from happening again.
Most small businesses aren’t equipped to handle this process on their own, requiring outside assistance. Those costs are significant, and could be devastating to your business.
Do you have $3.5 million in a cash reserve?
3. You get caught up in a regulatory nightmare.
The current regulatory framework in the United States does not provide a national uniform data breach notification standard. The few federal regulations that do exist cover specific industries to govern health related and financial related data breaches.
The Federal Trade Commission (FTC) has used its authority under Section 5 of the FTC Act to take enforcement actions related to data security. This regulatory structure makes compliance complex, so individual states have attempted to create more targeted laws regarding data breaches.
California led the way in 2003 by mandating that any company that suffers a data breach must notify its customers of the details of the breach.
Today, 47 states (including Ohio) and the District of Columbia have data breach notification laws in place. Only Alabama, New Mexico and South Dakota have yet to enact such laws. Verification laws vary from state to state, making it important for companies to understand the applicable laws in their state.
Congress continues to debate a move toward a national data breach standard to replace the patchwork of state and sectoral laws, but progress has been slowed for various reasons. As a result, the regulatory framework is fluid and complex.
If your business suffers from a data breach and you don’t have Cyber Liability coverage, you will be left to navigate your way through all of these different laws. And worse...
If you do business on a global scale, you will have to deal with different laws in different countries. Failure to follow these laws, within the specified timeframes, could result in hefty fines that cripple your business.
If you’re trying to recover from a data breach and restore your income, you probably don’t want to be reading through various regulatory and compliance guidelines. Dedicating resources to read through these guidelines and ensure compliance to them would be timely and costly.
A Cyber Liability Insurance policy could provide assistance with navigating these complex regulations, as well as any fines or lost revenue that resulted.
Your focus should be on getting your business up-and-running, while data breach experts sort through any legal issues on your behalf.
4. You get caught up in legal battles or even face jail time.
Your business is responsible for providing sufficient security to prevent hackers from accessing your customers’ data, and is responsible for notifying those customers in the event of a breach according to the applicable laws.
Recently, the federal government has taken action to impose severe penalties on companies that fail to properly report breaches.
Public pressure has added fuel to the fire and numerous bills have been introduced in an attempt to answer the data security issue. As a result, criminal penalties can be imposed for those who knowingly fail to report a security breach or fail to report it properly, which could include fines and possible jail time of up to five years for serious infractions.
In addition, individuals affected by a breach can bring civil action against a business for personal injuries, including emotional distress that was brought on by the breach.
Through the Personal Data Protection and Breach Accountability Act of 2014, the federal government is holding businesses responsible, and is committed to pursuing restitution from companies in the event of a breach.
With all the different regulations, it would be easy for any business to make a mistake when recovering from a breach. A Cyber Liability policy would not only help with navigating the different legal issues, but it could cover any financial losses due to legal battles.
5. You go out of business.
In recent years, nearly 60% of the small businesses victimized by a cyber-attack closed permanently within six months, according to a study conducted by Symantec.
These results prove that businesses are struggling to implement the proper policies and controls to prepare for and mitigate the legal, regulatory and financial risks associated with a breach.
Many of these same businesses are putting off buying Cyber Liability Insurance policies because they fear the costs would be too prohibitive. However, responding to a data breach without a Cyber Liability policy is far more costly compared to a breach that’s covered by insurance.
A Cyber Liability policy will help your business not only deal with the legal and regulatory requirements of a breach, but also help restore your business to its pre-loss condition so that you don’t become one of the 60% that goes out of business.
Curious about what you can do to prevent Cyber Crime?
Cyber Liability Insurance is a must for all businesses in operation today. No business is immune… claims can be as simple as an email that’s passed from your address throughout your entire network. The damages can be significant, and you can be held responsible.
In addition to the reimbursement of claim costs, Data Breach Insurance can provide businesses with access to expert professionals who ensure that you comply with all regulatory requirements, are properly advised on measures needed to prevent a data breach, and can handle any data breach if it occurs.
Cyber Liability Insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability coverage simply won’t.
The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. It’s important to work with an Insurance Advisor that can identify your areas of risk, and customize a policy to fit your unique situation.
If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk. You can download a free copy of our eBook, or if you’re ready make Cyber Liability Insurance a part of your insurance portfolio, Request a Proposal and we’ll get to work for you.