The rise of information stored and transferred electronically has resulted in a remarkable increase in the cybersecurity exposures of businesses, especially as more of the workforce is remote. As technology becomes increasingly important for business operations, the value of a strong cyber liability insurance policy continues to grow. Cyber liability insurance has become an essential component of any risk management strategy to protect businesses from devastating financial damage.
Cyberattacks Affect Every Business
The recent migration to largely remote business operations due to the pandemic has also created more opportunities for hackers. Hackers have taken advantage of businesses opening remote access for employees quickly without having secured their systems to an ideal level beforehand.
From the first half of 2020 to the first half of 2021 the frequency of incidents reported by their policyholders with under 250 employees increased 57%.
According to Coalition, a cyber insurance and security provider, from the first half of 2020 to the first half of 2021 the frequency of incidents reported by their policyholders with under 250 employees increased 57%. Business email compromise incidents were the most reported of these claims. Ransomware is also a very prominent threat. The average ransomware demand was $1.2 million in the first half of 2021.
Small and mid-sized businesses are often just as much a target for cybercriminals as large businesses. Many of these smaller businesses often don’t have the resources to recover from cyberattacks.
How to Protect Your Business
By knowing your business’s exposures, you can significantly reduce the chance of a cyber breach. Insurance carriers are pushing businesses to preemptively protect their business. A layered approach of the following strategies can help avoid significant losses:
- Multi-factor authentication protection on all remote access to your network (including any remote desktop protocol connection), email server, cloud services, and data backup solution.
- Multi-factor authentication on all network administrator accounts and any other user accounts with elevated permissions within your network.
- A robust backup solution that is either disconnected (“air-gapped”) from your network or segregated from your network with multi-factor authentication access control. Backups should be tested frequently and, ideally, be capable of restoring essential functions within 24 hours of a widespread ransomware attack across your network.
- Next-generation antivirus protection, including automated endpoint detection and response functionality on all endpoints. All detected endpoint activity should be monitored and investigated 24/7/365.
- An email filtering solution that prescreens emails for potentially malicious attachments and links. If using Office 365, enable the Microsoft Advanced Threat Protection add-on.
Source: Tokio Marine HCC
Cyberattacks are increasing in both frequency and severity. About 50% of cyberattacks that have happened in the past 18 months could have been prevented if businesses implemented these recommended security measures. However, these security measures may not protect you against all cyberattacks.
In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.
Exposures are vast, ranging from the content you put on your website to stored customer data. Awareness of the potential cyber liabilities your company faces is essential to managing risk through proper coverage.
What is Cyber Liability Insurance
A traditional business liability policy is unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur. Exposures are vast, ranging from the content you put on your website to stored customer data. Awareness of the potential cyber liabilities your company faces is essential to managing risk through proper coverage.
Possible exposures covered by a typical cyber liability policy may include the following:
- Data Breaches: Increased government regulations have placed more responsibility on companies to protect clients’ personal information. In the event of a breach, notification of the affected parties is now required by law. This will add to costs that will also include security fixes, identity theft protection for the affected, and protection from possible legal action. While companies operating online are at a heightened risk, even companies that don’t transmit personal data over the internet, but still store it in electronic form, could be susceptible to breaches through data lost to unauthorized employee access or hardware theft.
- Intellectual Property Rights: Your company’s online presence, whether it be through a corporate website, blogs, or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement, and defamation, among other things.
- Damages to a Third-Party System: If an email sent from your server has a virus that crashes the system of a customer, or the software your company distributes fails resulting in a loss for a third party, you could be held liable for the damages.
- System Failure: A natural disaster, malicious activity, or fire could all cause physical damages that could result in data or code loss. While the physical damages to your system hardware would be covered under your existing business liability policy, data or code loss due to the incident would not be.
- Cyber Extortion: Hackers can hijack websites, networks, and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.
- Business Interruption: If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services, to lose potential revenue. From a server failure to a data breach, such an incident can affect your day-to-day operations. Time and resources that normally would have gone elsewhere will need to be directed toward the problem, which could result in further losses. This is especially important as denial-of-service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organization’s server.
Cyber liability insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability coverage simply won’t cover. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. It is important to work with a broker that can identify your areas of risk so a policy can be tailored to fit your unique situation.
This blog is a recap of Choice Bank’s “Why Every Business Should Have Cyber Liability Insurance” webinar presented by Ben Brunn and Colten Heagle of Choice Insurance and Jeanine Loomis of RT-Specialty. Access a free recording of the webinar here.