Self-Audit: How to Tell if Your Business Needs Cyber Insurance

When it comes to security, many business owners are still a bit old school. They have their security cameras and alarms in place and make sure the doors are locked tight each night. However, they still leave themselves exposed to an even bigger vulnerability—online and cyber theft.

Cybersecurity needs to be a focus for every business—including yours. In January 2019, 1.76 billion records were leaked in data breaches. You might assume these only target large corporations, but hackers don’t discriminate when it comes to the data they seek. In fact, 43 percent of all data breaches target small to medium businesses.

Wondering If You Need Cyber Insurance?

If you’re asking yourself if cyber insurance is something you need, the answer is most likely an emphatic yes.

Maybe you aren’t completely out of the loop. You have a firewall and antivirus software on company gadgets. You make your passwords stronger than the average user. If you’re more tech-savvy than most, you may even have your employees and contractors undergo training on protecting company data. Still, when you consider that even massive corporations experience cybersecurity breaches, it’s clear that despite your best efforts... you’ll have vulnerabilities.

Though your business may be small, the stakes are high. Over half of all small businesses will experience a cybersecurity incident every year, resulting in an average of $1,835,000 in losses. For many entrepreneurs, this would likely end their business. For many entrepreneurs, this would be a death sentence for their business. 

General Liability Insurance vs. Cyber Insurance

The first insurance policy you took out for your business was no doubt general liability. Given a basic understanding of the policy, it sounds like it should cover you after a cyber attack. After all, your data is your property. Right?

Take a closer look at the language of your general liability policy and you’ll likely find that the property covered is “tangible property”—that which can be physically touched. Digital property isn’t covered. Even if there is a provision for digital data, it’s rare for it to cover more than loss related to physical damage to computers or servers.

Another option you might have opted for is a cyber addendum tacked onto your primary policy. This is better than nothing, but it isn’t quite enough. These add-ons tend to have significant limitations and low coverage amounts that might not be enough for even a single cyber breach. While it’d be nice for your general liability policy to offer the coverage you need, that likely won’t be the case. 

What Cyber Insurance Includes

Cyber insurance is different from most types of policies in that there is a lot of variance between companies offering it, and in most cases, you’re given multiple options for customization. There are two broad categories policies fit into, and your business likely needs both.

• First-Party Response Policies: This type of policy covers the expenses related to notifying parties about a security breach and rebuilding your company’s reputation.
• Third-Party Defense Policies: This type of policy covers legal expenses incurred as a result of a cyber-attack.

Within these broad categories, there are other features and coverage types that allow you to tailor your policy to your specific needs. These include:

• Extortion: Coverage for payments to extortionists who hold data hostage or threaten to release sensitive data if not paid
• Theft and Fraud: Coverage for data destruction, theft, and transfer of money related to a digital breach
• Business Interruption: Coverage for income lost related to interruptions in your operations as they relate to cyber attacks
• Forensic Investigation: Coverage for investigative, legal, and technical services that help to assess the damages caused by a data breach
• Data Loss and Restoration: Coverage for the loss and recovery of data

While you can generally pick and choose what you have covered, most businesses will benefit from a comprehensive policy.

Signs You Need Cyber Insurance

If you have any data on a computer, tablet, cloud, USB stick, etc.—you need cyber insurance. Chances are good that if you’re reading this, at least one of those applies to you. We understand being hesitant to take out additional coverage; every penny matters for business owners. To help make your need for cyber insurance more concrete, here are other signs that indicate you should take out a policy.

• You collect personal information from your customers, such as phone numbers, emails, and home addresses
• You record credit card and debit card data at the point of sale
• You store data related to purchases you make from suppliers, including their personal information or bank account numbers
• Your website allows customers to create a profile requiring log-in information
• You keep track of purchase histories

If any of these describe your business operations, then it’s time to call your insurance agent and take out a cyber insurance policy.

Free Guide: Workers' Comp Cost Cutting Strategies

Your Guide to California Cyber Insurance Policies

With decades of experience, we know how to get your company the insurance it needs to survive cyber-attacks. To learn more about what we can do for you, contact one of our knowledgeable agents at Leap | Carpenter | Kemps Insurance Agency today.