A savvy business owner already knows the value of property and liability insurance. Yet in today’s digital age, more and more employers are adding cybersecurity insurance in their list of must-have protection.
Cybersecurity insurance is designed to assuage losses from cyberattacks, such as breaches in data, distributed denial-of-service attacks and network damage. With cyberattacks steadily on the rise, no organization is safe.
According to a 2015 report by the Ponemon Institute, the Target data breach in 2013 resulted in 40 million stolen credit and debit cards, as well as 70 million records containing identifying information about Target customers, including names, addresses, email addresses, and phone numbers. Other notable cyberattacks in 2014 include hacks on eBay, JPMorgan Chase & Co., Staples, and Sony Pictures Entertainment.
Small businesses are not immune to a cyberattack, either. Breaches against small to mid-size businesses have risen more than 300 percent in the past two years, according to the security company Symantec.
The Ponemon Institute indicates that cyberattacks throughout the remainder of 2015 will continue to be as bad, if not worse, as more sensitive transactions occur in the digital realm.
While cybersecurity insurance cannot protect businesses from hackers, it can help lessen the sting of a potentially costly aftermath. On top of any direct financial loss incurred by a cyberattack, corporations often find themselves shelling out more money to fight lawsuits brought on by customers victimized by the attack.
As a Scott Godes’ article in The Corporate Counselor newsletter pointed out, a court refused to dismiss a class action complaint against Target Corporation brought by banks whose customers’ information was stolen. Though Target’s losses were somewhat offset by $90 million in insurance recoveries, the corporation is still on the hook for tens of millions of dollars in uninsured losses. Additionally, Target’s cybersecurity insurance has a reported “50 million sublimit for settlements with the payment card networks.”
Before business owners purchase (or renew) any insurance policy, it is important to examine and evaluate the program to make sure the policy fits their needs.
Business owners should not assume that any loss suffered from a cyberattack is covered under their general liability policy. According to the National Association of Insurance Commissioners and the Center for Insurance Policy and Research, the terms and conditions of a Commercial General Liability Policy may not cover issues arising from a data breach, including liability for security breaches, the cost to notify customers of a privacy breach and the costs associated with restoring and replacing electronically-stored assets. A cybersecurity policy is most likely needed for financial protection in such instances.
As businesses continue to perform more transactions online, and as hackers are increasingly becoming more sophisticated in their methods, it is advantageous for employers to think long and hard about the value of cybersecurity insurance.
Of course, purchasing cybersecurity insurance does not equal a safeguard from hackers. To reduce the risk of a cyberattack, businesses should consistently update their firewalls and antivirus software, talk to employees about the dangers of clicking on suspicious links, and conduct regular audits of their IT infrastructure.