From phishing to ransomware to viruses, virtual threats are everywhere. Whether it’s our personal computers, our phones or our business’s computer networks, all of our devices are under daily attack. This is especially true for businesses.
Last year ransomware alone cost Canadian businesses over $2 billion in losses.1
The need for businesses of all sizes to protect themselves with a Cyber Liability Insurance policy is clear. Just as you wouldn’t leave your home or business unprotected in case of a burglary, fire, or flood, leaving your business unprotected from a cyber-attack is just as dangerous.
As business insurance and cyber-liability experts, our ALIGNED team gets asked about cyber-security and cyber liability coverage every day. We’ve put together this article to answer some of those questions.
How Can I Protect my Business from a Cyber Attack?
When it comes to protecting your business from online threats, a healthy cyber-security policy depends on a layered approach. It’s not just about having virus protection installed and changing passwords every so often. Proper cyber-security requires constant upgrades to both technology and education.
This Government of Canada website has some great insights on protecting your business. Although it’s written for small businesses, the information is relevant for businesses of all sizes. Here are the basics:
- “Promote device security in your organization – employees using their personal devices or outside networks for business could carry risks.
- Your small business might be at risk – find out the risks that cyber-criminals pose to small businesses, including what they’re after, who they’re targeting and how they do it.
- Create stronger cyber safety policies – find out how to set strong policies and guidelines to encourage safe online behaviour, including establishing a clear internet usage policy, a strong social media policy and rules for using email safely.Credit card, PayPal and account numbers
- Educate your employees on cyber safety – find out how to properly educate your employees on the cyber threats they face. This includes knowing the threats, protecting social networks and knowing how to spot risky URLs.Vehicle, licence information
- Run a more cyber-safe business – take the necessary steps to ensure your small business is protected from cyber-attacks, including backing up important data, installing the right security software, and changing your passwords on a regular basis.”
In addition to these tips, our ALIGNED cyber-liability experts have also identified another important step to protecting your business: knowing how many records are accessible through your devices and network that contain personal information.
Know How Much Sensitive Data You Have Stored
Knowing how much sensitive data you have stored or is accessible through your systems or network is now a necessity. Because of recent legislation, companies are required by law to notify anyone whose information was compromised in a breach. This includes Personally Identifiable Information (PII) of customers, 3rd party business partners and employees. PII includes:
- Names, addresses, phone numbers
- Email addresses, websites and social media accounts
- Credit card, PayPal and account numbers
- Biometric and Geolocation identifiers
- Vehicle, licence information
- Social Insurance Numbers, employee account numbers
- Employee numbers
- Medical and health plan information
It’s vital to know your liability exposure for both your risk-management strategy and for your cyber insurance coverage – which should be part of your risk-management strategy. As mentioned earlier, protecting your business from cyber-attack is now as important as protecting it from a break-in, fire or flood.
Part of the process of getting cyber liability coverage is knowing how much sensitive data can be accessed through your systems or network.
If you don’t know exactly how many of your records contain PII you can still get coverage but you will have to estimate the number. Having an accurate number is essential for making sure your policy covers you in the event of a breach.
The best way to track the amount of sensitive information you are responsible for is by using a data asset inventory tool or database management software.
Cyber Liability Insurance FAQs
Below are some common questions we get regarding Cyber Liability Insurance coverage.
My business doesn’t store any personal information and isn’t an online retailer, do I really need Cyber Liability Insurance?
Yes, and here’s why: hackers are targeting small businesses more and more every day. According to the latest numbers, almost 20% of small businesses and almost 30% of medium-sized businesses were victims of a cyber-attack.
Hackers do more than just steal information, they can lock you out of your website, computer, or email until you meet their demands. So while you may not process transactions online, if you have a website, use a computer, smartphone, or tablet for your business or even communicate through email, your business is at risk.
Will my business be denied coverage if I don’t have the latest technology?
No. Getting cyber liability coverage is not dependent on the technological sophistication of your business.
How much coverage does my business need?
This depends on a number of factors including the type of business you’re in, how you conduct business, how many records you have control over that contain PII and how much business you would lose if you were locked out of your systems on an hourly or daily basis.
On a side note, according to IBM, in 2019 the average breach cost per record was $242. Multiply that by the number of records and you’ll have an idea of your company’s liability exposure.
Does Cyber Insurance Cover My Business If We Sent Money to a Fraudulent Account?
Yes, Cyber Liability Insurance can cover the expenses related to a social engineering attack, including situations when an employee unknowingly sends money to a fraudster.
Social engineering attacks usually involve a cyber-criminal posing as a trusted source and using a fake email and/or webpage to get a business’s employee to give up personal information, login information and, sometimes, what an employee believes to be a legitimate business payment. Your cyber liability coverage would be triggered when one of your employees acting in good faith releases funds to a fraudulent entity.
Does Cyber Liability Insurance cover my business for all cyber-events?
Not necessarily. Your policy will certainly cover your business for cyber-attacks listed in the policy. Unfortunately, one of the frustrating aspects of cyber-crime is how quickly it changes. As cyber-attacks evolve, so does cyber liability coverage. It’s important to be up to date on your cyber liability coverage. A good way to do that is to contact an ALIGNED cyber-liability specialist who can give you the latest information on cybercrime, cyber liability coverage and privacy issues and regulations.
Getting a Quote for Cyber Liability Insurance Has Never Been Easier
Use our free online tool to get a fast, no-obligation quote started for Cyber Liability Insurance for your business or contact an ALIGNED cyber liability expert today!
Source: 1 https://blog.emsisoft.com/en/35583/report-the-cost-of-ransomware-in-2020-a-country-by-country-analysis/