By Valeri Orsini
Strike one: stolen phones or laptops. Strike two: improper disposal of paper documents. Strike three: vendor or employee misuse of information. Do you understand the potentially disastrous financial implications of not having a cybersecurity plan in place?
You may not be in the Padres lineup, but you do have a responsibility to avoid a strikeout as business owner — especially when it comes to cybersecurity.
The average total cost of a single data breach rose 23 percent to $3.8 million in 2015, according to a report by IBM and the Ponemon Institute. The per-record cost reached $154, demonstrating that the cost of cyber liability is expensive and the need to protect against this threat continues to grow.
As co-owner of a firm that specializes in supporting the needs of San Diego businesses, I recently attended a cyber liability seminar to learn more about the latest trends in this area. I left with key takeaways relevant to small and medium companies that may have undetected website vulnerabilities and to large companies like those in San Diego that recently came under fire for malware attacks.
As shared at the seminar, common claims include: wireless mice accessing computers remotely, diabetic machines being hacked to obtain medical records, and hackers accessing public calendars to find out when bankers will be away from their desks.
Costs of a data breach are often larger than one expects, going above and beyond the forensic cost to discover the cause. Additional costs may include notifying regulatory authorities and affected individuals, regulatory fines at home and abroad, cost to customers, damaged reputation, cyber extortion payments and business income loss.
Now that you’re aware of risks and costs, what steps can you take to protect yourself if a breach occurs?
Traditional liability insurance does not cover risks faced by internet businesses and that’s where cyber liability comes in. Cyber liability insurance covers legal liabilities resulting from a breach of both first party (the company) and third party (clients, customers, vendors, etc.) confidential information. Coverage typically includes network security and privacy liability breaches; employee privacy liability; electronic and media liability to cover personal injury due to electronic and printed advertising, marketing and public relations activities; and regulatory liability to cover fines or penalties resulting from network security or privacy liability breach.
A cyber liability insurance package is customizable and can be designed to fit a company’s unique needs. For example, the following coverages can be added into the policy if needed: notification to cover the cost of informing customers whose information has been exposed; business interruption insurance to pay for the loss of income in case the data breach requires a computer shutdown; cyber extortion to cover the cost of paying for an extortion threat on the web; cyber terrorism to cover the cost of a terrorism event or even the threat of an event; and loss of digital assets insurance to cover digital data restoration or recovery.
In addition to protecting your business with cyber liability insurance, there are some additional steps you can take as a business owner to reduce liability costs according to the IBM and Ponemon study. Having a response team in place before an incident occurs, using encryption, and training employees were all found to decrease the per-record cost of a cyber breach.
Don’t strike out as a business owner in a digital world. Take cybersecurity seriously and make sure you have cyber liability insurance.
Valeri Orsini co-founded San Diego-based Fusco & Orsini Insurance Services in 2010. The independent insurance agency offers a wide range of business and personal insurance products.