Do You Need Cyber Liability Insurance?
It may not be something you’ve ever thought about, or even heard of. Cyber liability insurance is a growing need for businesses – and not just big businesses and national corporations, according to Ryan Murray, a vice president at Crest Insurance Group and the speaker for Republic Bank of Arizona’s July ShopTalk event.
All you need to do is look at the numbers to know that the risk is prevalent and the damage can be devastating for a business:
- 6 in 10 small businesses report they have experienced a cyber attack
- $117,000 is the average cost to small and medium sized business
- 60% of these businesses fail within 6 months of a breach
According to Ryan, small businesses experience an average of $21,000 in lost business and another $21,000 in costs related to hiring external professionals to recover from the breach. When you add fines, reputation damage, hiring credit monitoring companies, and notifications to those affected, it can bring a small business to its knees.
43% of cyberattacks target small business
The Types of Businesses at Risk
Virtually any business is at risk of some type of cyberattack. Don’t be fooled to think that your business is safe just because you don’t process credit cards. If you store any type of customer data, you are at risk.
Your company data is also at risk and can be held for ransom, stopping your business in its tracks. So you not only suffer the impacts of business interruption, but also the costs of paying the ransom to release your data. If you think your business is too small to attract cyber criminals, think again says Ryan.
Your banker will never ask you for your personally identifiable information (we already know it)
Ransomware and other cyber criminal activity is big business. Small and medium-sized businesses are targeted because they may not have the sophisticated procedures and preventions that larger businesses do so they are easier to penetrate. Add to that other accidents like a lost laptop and the risk continues to grow.
What is Cyber Liability Insurance?
“Cyber insurance generally covers your business' liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver's license numbers, health records and other customer information,” explains Ryan.
There are two types of Cyber Liability Insurance coverage, explains Ryan: First-party cyber liability insurance and third-party cyber liability insurance.
First-party liability insurance provides financial assistance to mitigate the impact of data breaches and cyberattacks at your business and generally covers the costs associated with these activities:
- Communicating with affected customers
- Providing credit monitoring
- Executing PR and reputation management campaigns
- Business interruption
- Forensic engagements
- Other recovery activities
What if you decide not to engage in some of these activities like providing credit monitoring services, or sending out communications to customers? That could be a devastating mistake, says Ryan. He points to an example of two national companies and how their responses differed dramatically and the impacts associated with those responses:
Company 1: Customer data was breached and the company did nothing. No communication was sent to their customers explaining or apologizing for the situation. The company’s stock dropped dramatically as well as their reputation.
Company 2: Customer data was breached and the company sent a letter to its customers explaining the breach, apologizing for the inconvenience and outlining what the company would do going forward to prevent future incidents. The letter included a $25 gift card. This company’s stock dropped slightly, but it avoided any major negative reputation or business impacts.
Third party liability insurance covers legal expenses that result from a business being blamed for causing another business’s cyber losses. This coverage provides liability protection in case the insured company makes a mistake that results in a client or another business suffering a data breach or cyberattack. Coverage includes:
- Legal defense costs
- Settlements if you and the client settle out of court
- Judgments you're legally obligated to pay after a data breach
- Other court costs
The Cost of Cyber Liability Insurance
Your cyber liability insurance costs will depend on the type of business you’re in, the risk factors associated with your business, the number of personally identifiable records you house, and what types of prevention and protocols you have in place to protect your business from the various forms of cyberattacks and scams. But generally speaking, Ryan estimates the costs to be between $5,000 and $7,000 per $1 million in coverage. Exact costs will be determined after assessing your individual situation.
Employees drive 75% of all data breaches
While businesses can and should implement their own cyber security protocols to help prevent cyber breaches, even the best IT security can’t keep up. That’s where cyber liability insurance can help.