Cyber issues are in the news a lot today and we are sure everyone is thinking about how it apples to your business or family. As we continue our discussion regarding a new way to think about insurance we thought it would interesting to apply our philosophy to the Cyber Risk issue.
Cyber Liability Risk
Every business is at risk for a cyber breach. Even the White House recently experienced a cyber breach. Cyber breaches are now a fact of life, and every state now has mandatory requirements for data breach notification. Statistics show 39% of all cyber incidents affect businesses with fewer than 100 employees. If you store data, including private information on computers, use e-mail, generate revenue online, or use your computer to control production, manufacturing, or inventory, your company is at risk!
“High-profile attacks, including the data on 100 million customers stolen from U.S. retailer Target in 2013, and the emails filched from Sony’s film studios at the end of last year, have made companies fearful of the economic consequences of cyber robbery. Yet they haven’t done much to puncture the secrecy that surrounds the issue.” Said Mark Gilbert in a recent article on Property Casualty 360
Best Practices For Cyber Risk
While cyber liability insurance should be considered by every business, in addition, we also recommend specific procedures and defensive programs to limit or reduce your risk.
· Make sure you comply with all state and federal laws
· Have a written cyber breach policy
· Don’t use the same password for multiple services
· Apply software updates when necessary. Apple, Google, and Microsoft typically include security bug fixes and patches in their most recent software updates
· Question your internet security at every level, including email. It may be time to encrypt all emails
· Shred all credit reports and other sensitive data before disposal
· Do not click on links or pop-ups, open attachments, or respond to emails from strangers
· Only connect to the Internet over secure, password- protected networks
· Follow all HIPAA laws
· Hire an IT Director, or make one person responsible for network security
· Focus on using long passwords (longer than 13 characters) and change frequently
· Develop notification procedures
· Do not open emails or open attachments from email addresses you do not recognize
· Train employees on the use of laptops including out of office access
· Invest in the latest anti cyber software
· Verify that all your vendors comply with laws and statutes
Cyber Liability Insurance
Most businesses should consider cyber liability insurance which is designed to cover the costs of investigations, notification, and credit monitoring for affected individuals, regulatory compliance, defending lawsuits, and payment of any resulting judgments or settlements. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure.