Many businesses neglect cyber and privacy issues because they simply don’t believe they are at risk or they do not fully understand the exposure.
“The majority of them think they’re safe because they have a secured firewall in place and virus protection. This is the biggest misconception out there. In reality, data thieves are simply looking for the path of least resistance. Owners of small to midsize businesses who become complacent or think they have adequate protection against cyber and privacy attacks can actually be a bigger target than large companies,” says Derek M. Hoch, president of Leverity Insurance Group.
Attacks can be harder for small and midsize businesses to recover from. Many businesses close permanently within six months after being victimized by cybercriminals.
“That’s why it is vital to have adequate controls and the proper insurance in place,” says Hoch.
Smart Business spoke with Hoch about cyberattacks and how business owners can protect themselves.
What are the cyber and privacy issues for business owners?
Cyber and privacy liability is best described as any third party or first party hacking into your database for personally identifiable information (PII). This includes access to names, dates of birth, Social Security numbers, credit card information, emails and passwords. Ultimately, this can potentially lead to identity theft and/or cyberextortion.
In addition, businesses that operate with paper files or ‘non-electronic’ information have the same potential to be compromised by both third parties and employees.
However, the most overlooked exposure to business owners is the actual cost of a data breach when your records have been compromised. On average, a data breach can cost a company more than $200 per record when considering loss of business, ongoing forensic expenses, notification costs and credit monitoring.
What types of businesses need cyber and privacy liability coverage?
Every business owner has exposure on some level if they have third-party and/or employee information stored on a computer or in paper files.
Cyber and privacy liability is relatively new, so most business owners don’t even know that the coverage exists or is available in today’s insurance market. It is a significant exposure and should be included in your overall risk management program.
How can businesses protect themselves?
It starts with the culture of the business owner and includes training employees to use proper cyber and privacy security policies and procedures. This list of procedures should include the following at a minimum:
• Use passwords on all computers, laptops, tablets and smartphones.
• Regularly change passwords every 30 to 40 days.
• Limit employee access to data.
• Restrict authority to install software unless approved by management.
• Provide ongoing training for employees who gather, use, transmit and dispose of confidential data.
• Install and update anti-virus and anti-spyware programs on every computer. Smartphones and tablets are often overlooked, yet most salespeople out in the field are using them.
• Back up your data off-site in a secure location, not in the same facility of your day-to-day operations. If the system is hacked or temporarily shut down, you can still retrieve the information and continue to operate your business.
Isn’t cyber and privacy liability part of standard business insurance?
No, most insurance policies exclude this coverage or may offer a small amount of ancillary coverage to recover or reconstruct any lost data. Cyber and privacy exposures are not covered under any property, general liability, crime, directors and officers liability, or umbrella policies. Business owners need to purchase a true cyber and privacy liability policy including security and privacy liability, notification and forensic expenses, business interruption, and cyberextortion to complete the proper risk management of their business.
Derek M. Hoch is president of Leverity Insurance Group. Reach him at (216) 861-2727 [email protected]
Social Media: Keep up on issues that could impact your business at www.linkedin.com/company/leverity-insurance-group-inc.
Insights Business Insurance is brought to you by Leverity Insurance Group