Anyone with a Web site now has the legal liabilities of a publisher.
The Internet has spun a whole new “web” of liability exposures. Creating a Web site is simple. The exposures that come with it are not. Privately owned companies that venture onto the World Wide Web face liability exposures that are emerging, evolving, and complex.
Commercial companies that disseminate information to the public via Web sites face the same legal exposures as publishers, yet most have little or no concept of their resulting legal responsibilities. Moreover, new legislation continues to create potential liabilities, particularly in the areas of user privacy and domain name infringement.
2016 has come to be considered “The Year of the Hacker”, when companies like Target, LinkedIn, eHarmony, DropBox, and Yahoo got hit hard by cyber attacks that exposed private information for hundreds of millions of user accounts. With millions of customers transacting business online each year, it is important to understand your business’s potential legal exposure to such a breach. In the event of an attack, is your business covered under our standard business liability insurance policy?
In most cases, the answer is no.
Liability for loss of customer or employee data is not typically covered under a corporate insurance policy. Some existing business insurance policies that offer general liability and directors and officers liability may provide a measure of coverage for those areas; however, most CEOs discover significant gaps in what is and what isn’t covered after an attack. Unfortunately, by then it’s too late.
A recent survey by Chubb Group of Insurance Companies found that 65 percent of public companies forgo cyber insurance – even though they identify cyber risk as their number one concern. Meanwhile, a quarter of those surveyed are expecting a cyber breach in the coming year, and 71 percent have cyber breach response plans in place.
Ostensibly, high-profile and high-risk companies may appear to be at greater risk, but small-to-medium-sized businesses are not immune. According to a recent study by the U.S. Secret Service and Verizon Communications, Inc., over 72 percent of all data breaches occurred in SMB businesses. The average cost of a breach? Over $5 million, according to most financial analysts. The bottom line is that we are all at risk.
So why do only 35 percent of companies invest in cyber liability insurance?
For one, many executives don’t know that it exists. And even if they do, they probably do not think that an attack will happen to them, or they are not overly worried about the potential fallout of such a breach. However, for many more, the high cost of policy premiums is prohibitive.
Policy premiums are primarily based on your industry. For example, if you are an e-commerce company doing online transactions and storing data like credit card information, you are considered high risk for data breach and thus subject to higher premiums. Medical-related institutions hosting data, such as date of birth information, social security numbers and medical records, are also higher risk.
Fortunately, we’ve researched several keys to reducing those hefty cyber liability premiums. The most important thing is to reinforce your security practices before you apply – essentially trying to qualify for “good-driver” type discounts. Plus, boosting security not only helps to decrease the cost; it simultaneously decreases your overall risk factor to breaches.
How do you do it? Security experts agree that the easiest place to start is strong password protection, and yet it’s something that even IT-sophisticated companies often fail to master. Interestingly, in all of those “Year of the Hacker” cases, the causes can be traced back to weak passwords that were either 1) not encrypted or “salted” or 2) not changed regularly. If managing passwords for all those servers, apps, cloud services, databases, tablets and laptops seems like a chore, there are affordable password management solutions that do it for you – with price tags that pale in comparison to high-risk industry insurance premiums.
Other tips to help drive down premiums include:
- Conduct regular risk assessments to reveal hardware, software and individual site vulnerabilities.
- Create a written IT security policy that identifies critical assets and defines policies for physical security, account management, and backup and recovery among other areas.
- Leverage firewalls, virtual private networks, anti-virus and anti-spam software and secure mobile solutions to secure network access and mobile devices.
We are not suggesting that you will avoid the need for cyber liability insurance if you implement these types of security reinforcements. In fact, this coverage is destined to become part of the standard business liability coverage form sometime soon, and customers, suppliers, boards and investors will insist that you have the appropriate amount to do business.
But what we have learned from the “Year of the Hacker” is that you can manage the cost – and the likelihood that you’ll become the next casualty – by putting some simple security controls in place today.
Most importantly, please contact our agency so that we can help you analyze these complex coverage issues for your business. It’s always best to double check your specific situation and coverage needs.
Contains excerpts from Raj Sabhlok, Contributor, Forbes Magazine 1/18/13