Black Friday Sale! 50% Off All Access

Cyber Insurance Offers More Than Just Protection Against External Cyber Attacks Think the Targets of this world are the only ones being hacked? Think again.

By Travis Wall Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Massive data breaches have become so prevalent that they are no longer big news. The cyber attacks that do grab headlines typically involve banks or large retailers, in which tens or hundreds of millions of records may have been stolen.

Related: 5 Tips to Protect Your Business From Hackers

Because most businesses do not maintain confidential information on that scale, the chances seem slim that smaller firms would be the target of hackers. This may be one reason many businesses don't buy cyber insurance. But that decision misunderstands the cyber risks smaller firms do face.

In fact, most claims under cyber-insurance policies don't involve Target- or Sony-style attacks, but more mundane events. These might include employee or contractor mistakes in handling information, a lost or stolen laptop, the failure to change a dismissed employee's network permissions, or the unfortunate practice of leaving system data exposed.

Clearly, then, small businesses are not immune from external attacks. They also have less sophisticated data-security protections, making them an attractive target: Only one employee has to fall for a phishing email or click a link that imports a worm or malware before the network is compromised, leading to costs that can severely impact a company's reputation and financial well-being.

An example: In 2013, the owner of a specialty t-shirt store, 80sTees, received notices from banks about suspicious credit card charges. Upon learning of the problem, the company stopped accepting credit cards, recoded the company's website so that it no longer stored credit card information and notified approximately 3,500 customers that their personal information may possibly have been compromised.

The company assumed it was the victim of computer hackers. But the more likely culprit turned out to be a former high-level employee who had set up an unauthorized email account that captured information about credit card transactions.

Despite the relatively small size of the breach, the response costs were substantial. According to published reports, the breach caused $200,000 in damages, not including lost sales during the period the company was not accepting credit cards.

80sTees survived its breach. But not all firms do. In a 2012 study, the National Cyber Security Alliance concluded that 60 percent of small firms go out of business within six months of a breach. To mitigate the risk from these events, then, and protect a firm's bottom line, companies should take some basic remedial steps.

1. Businesses of any size must recognize that data security is not just an IT problem but an enterprise risk-management issue.

Data-breach risks come from multiple sources, not just external threats. Because data security should be administered on a companywide level, senior management, not IT personnel, should set the company's policies for data management and protection, with IT's input, of course.

Related: 4 Ways Your Small Business Can Better Prevent Cyber Crime

2. As with any major business risk, insurance should be an integral part of the equation.

At least once a year, companies should survey their insurance to ensure adequate protection against cyber-related risks.

3. Businesses should not expect traditional insurance to cover this type of loss.

Traditional products -- such as commercial general liability policies or property policies -- are designed to cover bodily injury or damage to tangible property. Data breaches and other cyber events, on the other hand, involve damage to intangible assets such as information or computer software. For protection against that risk, companies need cyber insurance.

Third-party cyber-risk policies protect against liability and other costs arising from data breaches. These costs may include breach-notification costs, free credit-monitoring for potentially affected customers, liability and defense costs for civil lawsuits and costs to respond to regulatory inquiries.

First-party cyber insurance protects the policyholder against business interruption losses or costs to repair or restore lost data or software. In the case of a breach, a forensic team probably will have to scour the company's system to identify and fix any problems -- and that process can be expensive.

Cyber policies tend to offer targeted coverages for discrete harms, with each coverage having a separate premium. One coverage part might apply only to data breach notification costs and claims arising from civil lawsuits; another coverage part might apply only to forensic costs to identify or fix a breach; a third part might apply to the cost to respond to regulatory proceedings.

Because cyber-related coverages tend to be compartmentalized, firms should scrutinize the risks they face and ensure that their cyber policies actually cover those potential losses.

Related: Why Your Password is Hackerbait (Infographic)

Travis Wall

Partner, Hinshaw & Culbertson LLP

Travis Wall is a partner at Hinshaw & Culbertson LLP, where he devotes a significant portion of his practice to the defense of insurance companies in coverage disputes involving property and casualty insurance, reinsurance, life insurance and ERISA and non-ERISA disability claims. Wall has substantial knowledge in the area of cyber risks, and advises his clients on policy and coverage matters involving data breaches and the risks associated with the use of technology and social media.

 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Living

These Are the 'Wealthiest and Safest' Places to Retire in the U.S. None of Them Are in Florida — and 2 States Swept the List.

More than 338,000 U.S. residents retired to a new home in 2023 — a 44% increase year over year.

Business News

Is Reddit Down Again? Tens of Thousands of Users Are Reporting Issues With the Platform.

A Reddit outage has been occurring off-and-on for two days.

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Business News

DOGE Leaders Elon Musk and Vivek Ramaswamy Say Mandating In-Person Work Would Make 'a Wave' of Federal Employees Quit

The two published an op-ed outlining their goals for their new department, including workforce reductions.

Business News

These Are the Highest Paying Jobs Available Without a College Degree, According to a New Report

The median salaries for these positions go up to $102,420 per year.

Starting a Business

This Sommelier's 'Laughable' Idea Is Disrupting the $385 Billion Wine Industry

Kristin Olszewski, founder of Nomadica, is bringing premium wine to aluminum cans, and major retailers are taking note.