Cyber liability: What you need to know about your risk

Cyber liability remains one of the most prevalent and hottest topics in insurance — and will continue to be for some time. But many business owners still don’t correctly perceive their risk.

Small and midsize business owners tend to limit their perceived risk to a narrow set of circumstances, says Chris Zito, president of Zito Insurance Agency, Inc. For example, if they don’t take credit card information, then there’s no reason to buy cyber liability.

“The reality is the better cyber policies cover a number of internet and/or data breach-related exposures that aren’t limited to credit card information or electronic hacking,” Zito says.

The most commonly acknowledged data breach is hackers accessing a company’s server, but breaches can take place in other ways. An employee might leave a client file on a desktop; not properly shred documents; use an unencrypted phone, laptop or tablet; leave a mobile device in an airport or Starbucks; or use Wi-Fi in an unsecure environment.

In addition to potential data breaches, another example of an exposure is email liability. Companies can be exposed to liability for allegations that transitions of corrupted emails caused harm to the recipients’ networks.

Smart Business spoke with Zito about what companies need to know about cyber risk and liability.

Which companies face cyber risk?

Everybody has some level of cyber exposure. A privacy or data breach can certainly come from somewhere other than a hacker.

Nearly every organization keeps confidential or what’s called personally identifiable information. Even if your business doesn’t keep that kind of information about customers, it still may maintain and/or transmit medical records and Social Security numbers for its own employees.

Medical providers or financial institutions, for instance, have more risk because they literally have thousands of confidential records with personally identifiable information, but that doesn’t eliminate others from some kind of risk.

The more access the outside world has to your data, including employees using social media or mobile devices accessing the company’s server, the more exposure you have.

How has cyber liability insurance evolved in the marketplace?

Like any relatively new coverage, cyber constantly evolves.

Insurance carriers are consistently coming out with broader, better forms, in an effort to keep up with the changing exposure generated by advances in technology.

Generally there is no standardized cyber coverage policy language. Many carriers’ policies will look similar but very few will be identical.

Much like when employment practices liability was introduced, cyber liability started out as very expensive, requiring extensive underwriting.

As carriers have become more comfortable with the cyber exposures, they’ve begun adding cyber endorsements, with limited amounts of coverage at affordable pricing.

What’s important for employers to know about buying cyber liability insurance?

It is important for companies to understand what coverage is actually being offered by these endorsements as some may only provide coverage for reimbursement of mandated expenses, and no coverage for legal defense or settlements.

It usually comes down to affordability.

With the evolution of the cyber landscape being a near certainty, in addition to implementing internal security measures such as data encryption and firewalls, companies should buy the broadest coverage they can afford.

Insights Business Insurance is brought to you by Zito Insurance Agency, Inc.