When Cyber Liability Insurance Isn’t Enough
If you think just having cyber liability insurance is sufficient protection for your company, think again.
Here are common reasons you might not be covered.
- You didn’t follow insurance policies.
Insurance companies require you to follow policy requirements in order to file a claim. You have to prove you’ve made a reasonable effort to prevent a cyber attack by adhering to established procedures.
An All-Too-Common Scenario
The small company with 15 employees thought they were safely covered. They had already purchased cyber liability insurance. They even had a policy that required everyone to regularly change passwords. Everyone, that is, except the CEO. He didn’t want to be bothered by having to change his password every month, so he asked the IT department to remove that restriction on his computer. Big mistake.
Then it happened. The CEO’s machine got infected. It was inconvenient for sure, but at least the insurance would take care of it, right? Wrong.
During an audit, the insurance company discovered that the CEO’s password hadn’t been changed in 5 years—and he used the same password for everything else. Thus hackers were able to breach the company’s network. In this situation, the breach wasn’t covered by insurance because the CEO wasn’t following the policy. It didn’t matter what insurance the company had because they couldn’t file a claim anyway.
Filing a Claim
When you do make a claim, be prepared to prove that you’re following the insurance policies. This might include implementation of antivirus, firewall, and other policies in the manual. If you can’t produce documentation that you have security practices in place, then they might deny your claim even if you’ve been careful. That’s why it’s essential to develop procedures and practices in your company that are verifiable.
- Breach insurance wasn’t part of your cyber liability insurance.
A common misconception is that if you have cyber liability insurance then you also have breach insurance. However, each carrier varies on what they cover. Breach insurance is for if you’ve been hacked or if your computer has been infected, which many cyber liability insurances don’t cover.
Does Your Insurance Cover These Risks?
-
-
- Virus
- Hacking
- Data loss due to infection
- Hard drive encrypted and held for ransom
- Customer data breach
- Website defacing
- Mail server hacked to send spam, Trojans, or viruses
- Employee negligence
Employees may unwittingly give away confidential information, click through malicious websites, spread infections with USB drives, or expose client information to risk with unsecure computers. - Lost or stolen laptops that don’t have encrypted hard drives or password protection
- CEO scams
Hackers get into the system, emulate the CEO, and authorize financial transactions that seem standard.
-
- You underestimated the risk and cost of cyber attack.
Know the enemy
Who are these bad actors that breach company data? Contrary to popular belief, they’re not the hooded teenagers brooding over computers in the basement, trying to cause trouble. The typical hackers are organized criminals who use sophisticated methods to access company systems. To them it’s just a job. They will take advantage of CEOs who excuse themselves from following policies. They will exploit careless or disgruntled employees to breach your data. They strategically conspire to get your money. So do your part to secure your company. Make sure you have comprehensive insurance coverage, and follow the policies.
Know the expense
According to data from the Ponemon Institute, it costs an average of at least $200 per client record for remediation after a data breach. This includes communication with the client and fixing the problem, but it doesn’t include damages sought in a suit (class action or otherwise). For a typical small to medium-sized company with 10,000 client records over the years, that would cost $2 million. Could your company survive that?
Take action
Call us to review your cyber liability policies and put together an action plan so you are ready when (not if) a claim occurs. Many insurance companies also ask if you’ve had a third-party audit to determine your risk, which we can provide.
Schedule a call with us now to get the conversation started.
