In the wake of the Equifax data theft, Yahoo's revelation about losing 1 billion customer records, and news about data theft sponsored by the governments of North Korea and Russia, it's clear that there are some "very bad dudes" on the internet.
There’s not much you can do to be perfectly protected… but you can buy insurance to hedge your risk.
First, Measure the Risk
What would happen if a hacker broke into your computer system and stole your company data? Would you lose sensitive customer or employee information—such as names, credit card numbers, or social security numbers? Would you lose trade secrets for valuable product ideas? Would you compromise information about your clients?
Cyber Attacks are Real
Whatever your biggest fear, cyber attacks are a fact for most 21st-century businesses. From files to customer data, you have too much information stored on your company computer systems to go without risk protection. Cyber security insurance can protect your business from many of the effects of data breaches—including data loss, fraud, extortion, business interruption, and lawsuits.
Let's look back at the Target cyber breach from a few years ago. On November 27, 2013, attackers breached Target’s system and started collecting data on customers. It wasn’t until December 13 that Target discovered the breach, notified that United States Department of Justice, and took steps to plug the leak. All told, hackers gained access to the credit card information of more than 70 million people.
The Cost of Being a Cyber Attack Victim
Target was accused of not doing enough to prevent the breach and not alerting customers right away. The company saw significant drops in stock prices and quarterly earnings, suffered substantial reputation damage, and ended up facing more than 100 lawsuits. The settlement for consumer victims of the breach was $18.5 million, while other deals with payment card companies were even bigger. The MasterCard settlement, for instance, was a cool $67 million.
Obviously, Target is a big company—the kind that can weather this type of disaster without being in serious jeopardy of going out of business. Still, the breach was a huge money drain for Target. According to an April 2016 blog post from the law firm Patterson Belknap, Target had incurred nearly $291 million in breach-related expenses by that point. (The number is likely higher now.)
Those expenditures included everything from legal costs to forensic accounting. When the breach happened, Target had $100 million in cyber insurance and a $10 million deductible. The policy wasn’t even close to being enough to cover the full expense of the breach, but it did help lessen the blow significantly.
The Target case proves two things:
- First, companies need cyber insurance. Not even a company as notable and well-established as Target was secure against cyber threats. Cyber criminals may not target smaller businesses in the same way that they go after larger brands (pun very much intended), but that doesn’t mean SMBs are safe. From hacks to infections, no company is above the fray of cyber warfare. As such, no company is above the need for cyber insurance.
- Second, businesses probably need more cyber insurance coverage than they expect. It’s tough to understand the sheer magnitude of dreadful things that can happen during a cyber-attack. Target is, of course, an extreme example. The Target breach impacted tens of millions of people. Most businesses don’t have a fraction of that number of customers. Still, between legal costs, lost business, technology upgrades, and other expenses, the costs of a cyber-attack are almost always going to be higher than business owners imagine them to be.
Get the Features You Need
As with any insurance, cyber policies vary from one company to the next. Some might include credit card monitoring for compromised consumers. Some might cover forensic investigation of the breach. Some might cover public relations expenses. At the very least, you probably want something that insulates your business from legal costs and regulatory penalties. Ultimately, though, your best bet is to sit down with a cyber insurance expert, discuss your business, identify your risks, and go from there.
Don’t assume your company’s general liability coverage and property insurance policies shield you from everything. Instead, sit down with an experienced insurance broker to discuss your risks and identify ways to alleviate them. In a perfect world, your business will never face a malpractice lawsuit or a data hack. But if you do, having the right insurance coverage in place could mean the difference between going bankrupt and living to fight another day.
This original Guest Blog contributed by EMBROKER.com, an online insurance brokerage built for the way you do business. Embroker provides technology that takes the pain out of insurance, offers top-tier service from the best brokers in the game, and partners with the nation’s leading carriers to find policies tailored to your company.