With headlines regularly spotlighting giant data breaches at Fortune 500 companies, sometimes involving millions — in a few cases even hundreds of millions or billions — of compromised customer accounts, it’s easy to assume that privacy breaches are a concern only for the largest organizations.
But the facts tell a considerably different story. Nearly half of all cyber-attacks target small businesses, and 60 percent of small companies go out of business within six months of an attack as reported by Small Business Trends.
But even for those that remain in business, the costs can be enormous. According to Small Business Trends, companies spent an average of nearly $900,000 to clean up from the theft of IT assets, with the disruption of their businesses costing even more. And with privacy rules increasingly being imposed by various levels of government — the European Union’s General Data Protection Regulation, and the California Consumer Privacy Act a piece of consumer privacy legislation which passed into California law and goes into effective January 1, 2020 as well as other states looking to model laws similar to California, the costs will only keep rising.
Traditional property and casualty insurance does not cover cybersecurity risks. About half of all data breaches are caused by malicious intrusions from hackers, with the other half arising from human errors or systems failures.
According to Advisen’s 2018 Survey of Cyber Insurance Market Trends new to market buyers are 90% small midsize businesses with the manufacturing sector now in 2nd place followed by healthcare. Cyber related Business Interruption coverage is now the most requested coverage.
Who’s At Risk?
So how do you know if you’re at risk? If you answer yes to the following questions, you have a cyber/privacy risk.
- Does your business store customers’ confidential information?
- Does your business retain paper or electronic records of employees or other third parties’ data? That includes Social Security numbers, date of birth information, medical records and banking information, to name just a few.
- Does your business have employees? Most data breaches involve an employee mistake, such as opening unauthorized malware, for example.
In other words, just about every company that’s in business is at risk.
The costs of these intrusions generally go well beyond those already explicitly outlined. There is also inevitable reputational damage when a company’s customer information is compromised. What price can you put on your company’s good name?
How We Can Help
If you have cyber intrusion coverage, it may be time for a comprehensive coverage audit. Carriers are continually modifying their policy coverage forms and making coverage improvements as this coverage continues to evolve. Every cyber policy form is different between carriers. So, it’s important to have someone who is well-versed in understanding the coverage nuances and is keeping abreast of the changing insurance marketplace. Your current policy may not be addressing the latest enhancements.
If you have not yet acquired such coverage — and many third-party supplier contracts now require it — find someone that can work with you to develop the right coverage that best meets your particular business needs.