Business, in the age of the smartphone and advancing technology, relies heavily on electronic data. Many companies have a large amount of their value tied up in information assets. Cyber liability is the potential exposure of losing, destroying, or unauthorized disclosures of that data. Hackers elicit the greatest concern, but employee theft and loss can be severe as well.
“Any company that conducts business over the Internet or stores and/or provides confidential information is at risk of a data breach,” says Jayce Stewart, Commercial Risk Consultant with RiskSOURCE Clark-Theders.
Smart Business spoke with Stewart about how to address cyber liability and protect your data.
Why is cyber liability a growing concern?
One reason is that the concept of personal identifiable information (PII) is getting broader. In the past that term referred to information that could be used to identify, contact or locate an individual. In some recent court cases, we’ve seen it include zip codes and email addresses. As that area broadens, data breaches within that PII realm get easier.
There are 46 states that now have regulations concerning cyber liability. That just shows the importance. When dealing with a potential data breach, you need to be up to date on the state regulations, and how to respond and notify the correct parties.
Who should be thinking about this risk?
At first, when cyber liability became an issue, it mostly affected Fortune 500 companies because they store so much data and confidential information. They have such a big platform to be breached. More recently, we’ve seen an increase in data breaches at smaller companies. Verizon recently reported that 72 percent of data breaches from 2009 to 2011 were with companies with fewer than 100 employees.
What steps can businesses take to manage this risk?
One area we’ve found to be important is password security. Make sure your employees have strong passwords. Here are three tips: Don’t use actual words in your passwords. Don’t store them or write them down at your desk. Change them every one to three months.
Another issue is finding the resources to conduct a network security assessment that will show where you have gaps in your system technology and firewall. That service can be accessed through a variety of outside vendors.
The main focus is on the importance of cyber liability insurance. There are three main coverages associated with cyber liability: the cost of notifying customers after a data breach, the cost of replacing lost income for having your business interrupted, and the legal expenses and fines associated with court cases and lawsuits.
How can a company determine how much cyber liability insurance it needs?
The most common misconception is that a commercial general liability policy covers all of your cyber exposure. This is not the case. There are tools now that insurance companies provide for assessing your exposure. Research has shown that the average cost of a record being breached could be up to $200 per record, depending on the size of the breach and the type of data. Discuss this with your insurance agent or your broker. That’s the first step in figuring out how much you need.
What should businesses do to prepare for a possible data breach?
Developing an incident response plan for who’s going to do what and how to notify stakeholders if a breach occurs is a proactive step that will make this exposure a little less invasive.
Come up with a team and figure out the roles. Who’s going to contact our stakeholders, who’s going to contact our insurance agent to file a claim, and who’s going to contact our IT professionals to find out the scope of the breach and figure out how to stop it? ●
Insights Business Insurance is brought to you by RiskSOURCE® Clark-Theders