In the course of life I find all sorts of reasons to worry. It really doesn’t take much to get me going. But technology is my business and it takes a lot to shake me, but recently I’ve been shaken. With the rise of high-profile and continued data breaches and the widespread and evolving threat of ransomware and other cyber threats, it seems nothing is really safe. Our personal, financial and social lives are all so connected to the Internet and it seems like there is nowhere to hide.
Is the risk real, am I really a target?
The truth is these concerns are real, not some boogeyman. They are not abstract theoretical risks and I’ve been working with clients over the last few years dealing with their impacts and helping them try to avoid them.
Some of these experiences have included the following:
- Ransomware attacks including Cryptolocker, Locky, Cryptowall, etc. Costs involve cleanup (removing the infection), restoring lost data (from backups and/or by paying the ransom) and downtime caused by systems being taken offline and made inaccessible. These costs add up, ranging from a few thousand dollars to tens of thousands of dollars.
- Online storefronts being compromised by foreign attackers who compromise sites and code to steal credit card (CC) and other information. Even in situations where these compromises take place with 3rd party services, culpability and responsibility have been murky and have caused significant cost to clients. Costs include notification requirements, cleanup and due diligence, legal fees, etc., and can range from a few thousand dollars to tens of thousands of dollars.
- Disclosure of personal information (legally protected by state and federal laws) through accidental disclosure (lost laptop, accidental email, etc.) and from flawed 3rd party software/services that become compromised or whose flaws allow unauthorized access. Costs for these types of situations can range from a few thousand dollars to tens of thousands of dollars due to disclosure/notification requirements, software/service changes, legal fees, state and federal enforcement actions and potential liability implications.
- Lost funds due to compromised/hacked network computers and equipment, caused by accidental user actions or faulty, unpatched software solutions. Many times these bank funds can’t be retrieved and are lost forever. Other costs include disruption to business, interruption to line-of-business resources, and other mitigating efforts.
Businesses must take these risks seriously and protect themselves like they do for any other risks. Cyber Insurance is now a real and effective tool for protecting businesses against real and significant financial losses.
What are the options and costs?
Cyber Insurance policies used to be cost prohibitive, poorly defined and confusing to understand. However, today there are lots of good options. A good policy should cover the items below, which are not included in Professional Liability solutions:
- Access to or Disclosure of Nonpublic Files
- Breach Notification and Credit Monitoring
- Lost Business Income
- Reputational Damage
- Loss or Damage of Computer Systems
Costs can start at a couple thousand dollars for a business with a million dollars in gross revenue.
What about all the technology I’ve put in place to protect my business?
In addition to good layered security solutions including Next Generation firewalls, network/computer monitoring, security software, user training and an up-to-date Written Information Security Plan, Cyber Insurance is a good tool that all businesses should be considering.
No matter how good your protections are, mitigating all the risks is impossible. The risks are constantly changing and Cyber Insurance is there to help fill that gap.