Think back to the days prior to 9-11. In those days a decade ago, we were on the brink of a social media and networking revolution. Since then we have learned about cyber-terrorism, heard stories about the ills and benefits of social networking, and most of us learn more through Twitter than the evening news. We can access our documents in a "cloud" now and do most anything from our tablets and phones. This all brings great benefits to large and small businesses alike.
It also brings great risk.
As these changes have happened, more and more responsibility for the protection of privacy and personal data has fallen on business. It is your company's obligation to protect the data and the financial information of its customers. In addition, most of the valuable assets of a company now involve some form of network and data connection or storage: customer lists, books, records, receipts, tax documents, intellectual property and trade secrets. Finally, most conversation in a company now occurs via e-mail on a network.
Cyber liability coverage is insurance coverage for liability that arises out of unauthorized use of, or unauthorized access to, electronic data or software within your network or business. Cyber liability policies also provide coverage for liability claims for spreading a virus or malicious code, computer theft, extortion, or any unintentional act, mistake, error, or omission made by your employees while performing their job.
The typical business insurance policy only covers so-called "tangible" assets and electronic data is not considered tangible under the typical policy definition. Cyber liability insurance fills that gap. As the number of risks has increased and as the networked world becomes more complex, so have cyber liability policies.
Most policies today can be built around the needs of the business. An online retailer will have different needs than a brick and mortar small business with a limited web presence. Obviously, the size of the business, the number of customers, the type of data (financial records vs. medical records, for example), and other factors will affect the cost of the premium. As always, you will want to review policies from several insurers and work with your insurance professional to create a cyber liability policy that works for your business.
For example, the Travelers CyberRisk Policy can consist of three liability insuring agreements and seven first party insuring agreements. These range from "Network and Information Security Liability" to "Business Interruption and Additional Costs" coverage.
In order to purchase this coverage most insurers are going to require either an "audit" of your current data protection plan or a review of your disaster plan. That is, the insurer is going to want to know what technical protections exist in your business system and what employee training and security steps have been taken to secure your company's network and data. For example, one of the questions from the Travelers application asks:
Is a multi-factor authentication process (multiple security measures used to reliably authenticate/verify the identity of a customer or other authorized user) or a layered security approach required to access secure areas of Applicant’s website?So, it is a very good idea to conduct a top to bottom review of your security measures and put in place those things that will lower your premiums such as anti-virus software and firewalls at a minimum.
This insurance product is only about ten years old. It is evolving and demand is growing. It will soon be a requirement for most government contracts that the contractor have cyber liability insurance in place. While in 2005, fewer than one-third of businesses surveyed by the FBI had cyber liability or insurance for cyber fraud in place, today more than 60% of businesses have some form of cyber liability insurance in place.
The insurance can cover business interruption from a network attack and even the cost of responding to customers and insuring regulatory compliance in case of a breach (imagine that the recent data breach at Sony affected 20 million customers and you can see the potential costs involved in responding to such a breach can be staggering).
In a recent survey by the Computer Security Institute the institute found in a survey of 351 security professionals that half of respondents experienced at least one security incident last year and, of those who reported an incident, fully 45.6 percent of them reported they’d been the subjects of at least one targeted attack. In other words, nearly a quarter of the businesses encountered a security threat where the business was specifically targeted. Think about that. If a quarter of the businesses you worked with reported to you that an arsonist had tried to burn the business - you'd purchase a fire liability policy. Cyber liability insurance is just as critical a part of your business insurance plan.