Cyber insurance is quickly becoming a necessity in the modern business marketplace. Unfortunately, headlines continue to show us that any company that has employees or customers – of any size or type – could be at risk of a data security breach.
One quarter of organizations have suffered a data breach or loss in the last year, averaging more than $1.2 million per incident, according to Bloomberg Law.
That stunning statistic makes it clear that cybercriminals are stealing ideas, research, formulas, source code, negotiation plans, designs, and blueprints on a massive scale.
In 2014, the White House issued new voluntary cybersecurity guidelines after Congress failed to pass stronger cybersecurity legislation. Yet surprisingly, only 34% of businesses carry cyber insurance.
Online Security Challenges: Is Cyber Insurance Really Necessary?
Large companies such as Target and TJX make the big headlines, but cyber attacks are non-discriminatory. Small- and mid-sized companies are at equal risk of attack, as nearly every company worldwide possesses some kind of private information, whether it’s credit card numbers, Social Security numbers, or driver’s license numbers.
In fact, more than a third of global targeted attacks were aimed at businesses with less than 250 employees.¬π
As specific cyber threats are constantly changing with technology advancements, the security challenges for businesses will likely be different tomorrow than they were yesterday. In 2014, the data security company, Sophos, predicted the following online security challenges:
- Cloud attacks: The growth of the cloud has led to attacks targeting data (personal or corporate) stored in the cloud.
- Narrower targets: Industrial espionage attacks are focusing on narrower targets as increasingly successful security measures force cybercriminals to make bigger financial gains from a smaller number of victims.
- Android: Cybercriminals are targeting more attacks on Android platform devices.
- Mobile apps: Mobile security dangers continue from mobile apps and social networks.
- Windows XP: Attacks targeted at Windows XP as it was retired from the market.
Standard property insurance does not cover data damage, destruction or loss, and traditional business interruption insurance doesn’t cover business systems’ downtime resulting from non-physical threats.
How Can Cyber Insurance Protect Business Owners?
Cyber insurance mitigates losses from cyber risks such as data breaches, business interruption, and network damage. It can protect business owners from the wide range of destruction that a cyber attack can incur, such as:
- Credit card liability
- Identity theft recovery
- Unencrypted devices: With the flexible nature of mobile devices in the workplace, it’s common for an employee’s (unencrypted) personal device to store company data.
- Data restoration: There can be a significant cost associated with restoring lost or damaged data.
- Third-party (in addition to first-party) coverage: This will protect not only your business, but your clients/customers as well.
Cyber insurance also protects business owners from the impact of cyber security regulation. All but four states have legislation on the books that requires companies to notify individuals in the case that their information has been breached. For small- and mid-sized companies, the costs of printing, packaging, and mailing this mandatory notification can force them to close their doors.
The Department of Commerce has described cyber insurance as an “effective, market-driven way of increasing cybersecurity” because it may help reduce the number of successful cyber attacks.
For more information about protecting your business and your clients with cyber insurance, contact Gunn-Mowery today.
¬π June 2012 Symantec Intelligence Report
Source: Bobby Darling, Atlantic Special, March 13, 2014
Lemoyne • Lancaster • Dillsburg • State College