You've seen it in the headlines - talk of attacks and ransomware are all over. You've probably been notified by a company you do business with on a personal level, a time or two that your personal information may have been compromised. They then often offer a year of credit monitoring, a notification process, etc, etc. In today's world, eliminating that risk would be impossible. Here is what you can do to better position your business;
EDUCATE:
Yourself, any partners or other owners of the business and employees. Don't forget other small businesses! If you do your best but yet your accountant has their digital doorway unprotected and open, you are still at risk. There are lots of programs available to help educate. It is estimated that 90% of small business cyber attacks are related to a mistake a businessowner or employee made. There are some insurance programs that will offer this training for free for being a policyholder. That is a fantastic, money saving feature, as most cyber carriers want to know about what you are doing to educate but then expect you to pay another party to educate. We'd be happy to get you more information.
MANAGE RISK:
Are you doing the basic things in your organization to help reduce the risk?
Use strong authentication across your systems including unique passwords and multi-factor authentication.
Ensure your software is up to date and use anti-virus software.
Train your staff – think before you click.
Prepare to respond if an incident happens. Have staff on-hand and ready to help.
Let's talk a bit about what it is and how insurance can help....
What is Cyber Attack?
According to the National Institute of Standards and Technology:
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Source: https://csrc.nist.gov/glossary/term/Cyber_Attack
Myth Buster: Cyber Hackers only target "big" business.
That is a huge misconception, one we are here to try to break! Can it happen to small business? Does it happen to small business?
45% of Cyber Attacks are against small business. It is estimated that 90-95% of successful attacks stem from a business owner or employee falling victim to social engineering scheme. Read more about social engineering here.
Here a some of reasons experts suspect that smaller businesses are getting hit so often and so hard - and with alarming increase in cases (one is hit every 19 seconds).
- Many small businesses don't have the time, knowledge or resources to properly protect themselves and hackers know that. You can break that theory by following Educate, Manage Risk and Recover approach.
- Most small businesses use email for communication, one wrong click is all it takes in some cases! Hackers excel at their game of trickery more and more every day, making emails look more and more "legit" all the time. It is so easy, in our busy world, to drop your guard and click. Damage done. The Social Engineering endorsement on your cyber policy will help.
- Many small businesses think they would only need cyber insurance if they have a "server" or "hold records". This is not the case at all. If you are operating in any kind of digital environment - you are at risk. How much risk? That answer would require further conversation. We'd love to chat. Click the "Ask Us How Today" link below!
PNW Insurance and Cowbell can help you better protect your business and your clients. Ask Us How Today!
What does cyber insurance cover?
Cyber insurance covers your business' liability for a data breach that includes sensitive customer information. This could include things like Social Security numbers, credit card numbers, account numbers, driver's license numbers and even medical records.
Why doesn’t my general liability insurance cover cyber liability?
General Liability covers bodily injuries and damage to property which is a result of your products, services or operations. Be sure to check your policy because cyber insurance is usually not included in your general liability policy
- Legal fees and expenses as well as:
- Restoring personal identities of affected customers
- Notifying customers about a data breach
- Repairing damaged computer systems
- Recovering compromised data
- What to look for as a cyber insurance buyer
Like any business insurance, cyber insurance coverage varies by insurer and policy.
When shopping around and comparing policies among insurers, here are some things to look for and ask about:
- What are the deductibles? Be sure to compare deductibles closely among insurers, just like you do with health, vehicle and facility policies.
- Does the insurance company offer one or more types of cyber insurance policies or is the coverage simply an extension to an existing policy? In most cases, a stand-alone policy is best and more comprehensive. Also find out if the policy is customizable to an organization.
- How does coverage and limits apply to both first and third parties? For example, does the policy cover third-party service providers? On that note, find out if your service providers have cyber insurance and how it affects your agreement.
- Does the policy cover any attack to which an organization falls victim or only targeted attacks against that organization in particular?
- Does the policy cover non-malicious actions taken by an employee? This is part of the E&O coverage that applies to cyber insurance as well.
- Does the policy cover social engineering as well as network attacks? Social engineering plays a role in all kinds of attacks, including phishing, spear phishing and advanced persistent threats (APTs).
- Because APTs take place over time, which can be months to years, does the policy include time frames within which coverage applies?
If you're interested in cyber insurance coverage for your business, please give our office a call or request your online cyber liability quote today.