Cyber Insurance Policies – Can your Business Customers Afford not to have one?

Data breach is a rapidly evolving issue that all agents should be aware of. High profile breaches like TJ Maxx and Target have increased awareness of cyber threats and made the insurance industry a go-to source for information around data security and risk management. As of this writing, the Identity Theft Resource Center has compiled a list of 353 data breaches reported in 2014, with an exposure of over 9 million records. The risk extends beyond the big brands we all know. Small- to medium-sized businesses are also being targeted and may have exposure that their commercial general liability or professional liability won’t cover. As larger corporations tighten up their infrastructure and security protocols, the risk of small businesses (fewer than 250 employees) being targeted has risen to 30%, or 1 in 5.2. When you consider the average cost of a cyber-attack on a small business is $188,242, you can understand how nearly two-thirds of the businesses affected are out of business within six months. As the level of awareness increases, business owners are asking their insurance agents, “What should I do and how should I manage this risk?” What type of businesses are most at risk? Any company that holds or processes personally identifiable information (PII), such as name, social security, date of birth, or credit card information is at risk for a data breach and may require an obligation to notify all those who were affected and offer some mitigation on their behalf. Many businesses accept credit card payment, from your local pizza parlor to auto repair shop, and that processing can be done any number of ways, including a smartphone. In the past, the most common way to experience a data breach was improper disposal or distribution of printed records. Now the most common cause of a data breach is through a malicious or criminal attack, followed by human error or a system glitch. It’s worth noting that a data breach can still occur the old fashioned way, discarding paperwork containing customer data into the recycling bin is a serious matter! What should these businesses have for coverage? As an agent, review your customer’s current insurance. If the client does not have a data breach or cyber liability policy they probably have little to no coverage. In general, you want to inform your business customers of the risk to themselves and the exposure they may have, and suggest a cyber-liability policy. A cyber policy at a minimum should cover: The cost to respond to a breach. This includes cost to notify (required in most states), cost to assess the extent of the breach, crisis management, credit monitoring and identity restoration for affected individuals Legal defense costs in response to legal actions that may occur as a result of a breach First Party costs, such as data recovery and expenses for loss of business income With the number of data breaches continuing to increase, the industry is now seeing a continuity of coverage and pricing not seen before, as well as an increase in the number of insurance companies now offering cyber products. Bottom line? Your business customers cannot afford not to have a cyber-policy in the world in which we do business today.