Propel provides innovative insurance solutions to thousands of companies across the country. We make it our business to know your world inside and out.
Cyber Security
Is My Business At-Risk Of A Cyber-Attack?
Examining The Need For Cyber-Liability Coverage
Cyber-attacks and data breaches have continued to rise in frequency and severity over the last several years, leaving many business owners wondering if their companies are at risk, and searching for solutions to protect their assets.
While media attention has focused chiefly on large data breaches, small-to-medium sized businesses are equally as susceptible. In fact, evidence indicates that smaller businesses suffer disproportionately worse losses compared with larger companies. According to the Ponemon Institute, 55% of small-to-medium sized companies experienced a cyber-attack in 2016, 50% suffered a data breach and 40% were attacked by ransomware—costing an average of nearly $1.8 million dollars per company to IT assets and business income per incident. Insurance experts now suggest that the risk of cyber liability losses exceeds that of theft or fraud.
Yet despite these alarming numbers, only 14% of small companies feel their protection against cyber liability losses is effective. Many business owners struggle to understand the exact nature of their cyber liability exposures, and as a result hesitate to implement appropriate risk management and insurance solutions to mitigate that risk.
No matter how small the company, it is crucial for business owners to be aware of where attacks can come from, how attacks can affect their business, and the best methods to protect against—and recover from—attacks.
A business’s potential loss from a cyber-attack or data breach can arise from a variety of sources, such as liability for costs incurred by customers or vendors whose data was compromised, the cost to recover damaged IT systems and reconstruct data, the cost of notifying customers and vendors of the breach, fines imposed by regulatory bodies, forensics costs, loss of business income, extortion, lawsuit settlements, and the costs associated with recovering reputation after the attack. These losses can be catastrophic, particularly for smaller businesses.
Still, the low market penetration of cyber liability coverage suggests that in addition to not understanding their exposures, many business owners feel that they are not a target for an attack. This thought relies on a common, yet false, assumption that most attacks are carried out by an external hacker. However, as data from Ponemon points out:
- only 27% of data breaches are caused by external attacks.
- Perhaps surprisingly, 48% of breaches occur because of internal negligence
- 41% because of third-party mistakes
- 35% because of a system error
- and 32% for unknown reasons.
The data illustrates that the overwhelming majority of breaches occur simply because of human or system error, underscoring how susceptible every business truly is. Luckily, business owners do have resources available to protect their businesses:
First, strategies such as IT audits, system vulnerability assessments and penetration testing should be regularly conducted with qualified IT and Risk Management personnel, and modern firewalls should be installed on all company devices. Maintaining updated security software, utilizing cloud computing solutions, backing up data offsite, and following a data privacy policy are additional methods to further reduce the risk of a breach.
Second, business owners should implement a cyber liability insurance program that covers the full scope of their exposures. Standalone policies can be tailor-made to suit each individual business, and can cover costs associated with liability for data breaches, damages to the business’s computer systems and data, coverage for claims of negligent copyright infringement online, fraudulent transfer of funds, and coverage for the settlement of extortion, to name a few. Cyber liability coverage can also be found in many standard Business Owners Policies, and as endorsements to package policies. In addition to the coverages provided in the policy, the added benefit in partnering with a cyber liability insurer is gaining direct access to their expert council in this highly technical arena.
There were 1,579 breaches in 2017 alone, an increase of nearly 45% over the previous year, requiring 30% of all US consumers to be notified that their data was compromised. 2018 will likely follow a similar trend. Business owners should take the opportunity now to critically evaluate their current solutions for handling their cyber liability exposures, start implementing effective risk-management practices, and for those risks that cannot be fully managed, to transfer that risk via a cyber liability insurance policy.
References:
Cyber Liability Risks, https://www.iii.org/article/cyber-liability-risks
Facts + Statistics: Identity theft and cybercrime, https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime
Protecting against #cyberfail: Small Business and Cyber Insurance, https://www.iii.org/sites/default/files/docs/pdf/cyber_risk_wp_103017.pdf