Does Your Business Insurance Cover Cyber Attacks?
The risks of doing business online are growing by the day. It seems that every other week, we hear about another major organization that has suffered from a data breach or other cyber attack. In fact, it seems even the political parties cannot seem to keep their sensitive data protected from security breaches. If organizations with multi-million dollar budgets are not secure from online threats, it is safe to assume that none of us are totally protected.
I have business liability insurance, so I’m already covered for cyber attacks, right?
There is a common misconception that your standard business liability insurance policy will cover a cyber attack. This is simply not the case. In today’s digital age, information moves at such a rapid pace, and the online landscape is continually evolving. This makes it highly challenging for business insurers to underwrite cyber-coverage into their standard liability policies. Do not assume you are automatically covered against cyberattacks through your standard business liability insurance, because it is almost certain you are not. If you have questions about your policy, we would be happy to review it for you to help you understand what protections you have or need.
I am not a bank or financial institution, so cybercriminals will probably not target me, right?
Wrong. Regardless of the size of your company and the type of business you operate, if you have a website that has any kind of online visibility at all, you are likely to be targeted. Even if you are not in the financial services industry, you may still accept online payments for your products or services. Beyond that, you may also have customer/client lists that you keep in “the cloud” somewhere that have personal information cyber criminals can use to target those you do business with. The bottom line is every business with a digital presence will probably be targeted or attacked at some point; and when that happens, hopefully, your security measures are sufficient to prevent a breach. But as we have seen with some of the bigger players, this is not always the case.
My online transactions are handled by a third party, am I still responsible for data breaches?
Unfortunately, the answer to that is yes, you may be. Though the third party is in charge of securing their system to prevent a breach, you are ultimately responsible if the personal information of one of your customers is compromised. So for example, if you use a payment system such as PayPal and their systems are compromised, both you and PayPal could end up being responsible if cyber-thieves steal your customers’ financial data.
My IT guys are in charge of my cybersecurity, so they will keep on top of everything, right?
Maybe. But keep in mind that major companies who spend millions of dollars on cybersecurity have still had their systems breached. These companies typically employ several dedicated IT professionals who are charged with monitoring their systems 24/7. Most small businesses cannot afford this level of dedicated support. More likely, you might have one or two IT people in-house, or an outside firm that monitors the systems for you and several other clients. Even if your people are the best in the business, new cybersecurity vulnerabilities arise on a daily basis and they could get past your team or your security measures.
I want to know more about cyber insurance, but where do I start?
Cyber insurance is an evolving business insurance product. The best place to start is to speak with an independent business insurance broker such as Balderson Insurance. Independent agents work with several of the top insurance carriers in your state. Since we are not captive to any one insurer, we are able to do the shopping for you and find the policy that best fits your specific needs and budget. If you have questions about cyber liability insurance, give us a call at (301) 874-0772 for a free, no-obligation consultation.