Cyber Liability – What is it and is My Company at Risk?

by Preston Cavignac, CPCU, CIC
Cyber liability is a hot topic in the insurance world. We have already heard about the big losses: Play Station, Target, Home Depot, LinkedIn, Sony (most recent and estimated at $100 million+ in damages). But what are the chances that your company will be hacked? We don’t read about the small- to mid-sized companies, which make up the majority of businesses in the U.S. The purpose of this blog is to educate the small to middle market business owner on their exposures to cyber-attacks and to let you know what can be done to prevent, mitigate and finance these threats.

What is a cyber threat? In simple terms, a cyber-attack compromises personally identifiable information and private data. According to IBM, there are over 2 million cyber-attacks on businesses every week and 72% of all data breaches occur in small to medium sized businesses. The average cost of a cyber-attack is said to be $300,000.

How are companies being attacked? According to LexisNexis, social media, mobile payment platforms and ex-employees make up the bulk of cyber-attacks. One in 10 social site users have been hacked by ghost accounts and nearly three in five credit card transactions have been compromised using a mobile platform.

What are the chances that my business gets hacked? It really depends on your risk management program. Half of risk management is preventing and mitigating losses. It’s important to establish specific procedures within your company that address usage of social sites, mobile payment platforms and the internet in general. Human resources plays a huge role in managing your human capital so make sure your employee handbooks are updated and put to use. According to LexisNexis, 59% of former employees admit to stealing company data when leaving… and there are probably more who won’t admit it. Hiring the right people is crucial to building a successful business and avoiding future headaches. Some companies outsource this risk to credit card processors or other data-storage companies designed to protect private and personal data. Outsourcing is a great aversion technique, but as long as you have access to that material, you still own some risk.

What does a cyber policy cover? Most insurance companies provide their own cyber forms so it’s important that you read through each to determine which is best for your business. Most pick up liability for security or privacy breaches, credit monitoring services (which can be up to $200 per record), costs to replace any damaged or destroyed business assets, business interruption, liability associated with libel, slander, and copyright infringement, public relations expense as well as expenses related to cyber extortion or cyber terrorism.

Action items? Cyber-attacks have increased at an exponential rate for the last 10 years. According to Travelers Insurance Company, they have increased 42% since last year alone. It’s clear that all sizes of businesses are at risk, but most businesses are not having this conversation. Take some time to discuss cyber threats that affect your business and industry. Insurance brokers, attorneys, CPAs, among other trusted advisors, can add value to this conversation.