When you hear the words “data breach” or “cyber attack,” what comes to mind? For many people, these words conjure up images of rogue hackers infiltrating secure computer systems to steal valuable or sensitive data.
Although malicious cyber criminals are a real threat, in many cases, data breaches are caused by something much more mundane, like a stolen laptop, misplaced thumb drive or lost smartphone.
Cyber liability claims examples
While small businesses are increasingly at risk of a cyber attack, unfortunately, this is not the only threat.
Here are some of the most common types of incidents resulting in a cyber or data breach claim:
Stolen laptops
A regional retailer contracted with a third party service provider. A burglar stole two laptops from the service provider containing the data of over 80,000 clients of the retailer.
According to applicable notification laws, the retailer – not the service provider – was required to notify the affected individuals.
Total expenses incurred for notification and crisis management alone was nearly $5,000,000.
Rogue employee
An employee learns she may be terminated, and in response, she steals names, addresses, social security numbers and other personal information from customer files.
She sold the information to her cousin who used the identities to fraudulently obtain credit cards. The affected individuals filed suit against the company for identity theft.
Small business hacked
A business is hacked by a local teenager who stole social security numbers and bank account data from customer files. He sold the information to an internet website which used it to create false identities for criminals to use.
The business incurred notification and credit monitoring costs, and the legal expenses as well as the damages from potential lawsuits resulted in more than $500,000 in damages.
Manufacturer duped
A manufacturer located in northeast Ohio nearly transferred $315,000 to China based solely on an email request to pay for raw materials that appeared to be legitimate.
If you think this couldn’t happen to you, or that you would easily be capable of uncovering the fraud, you might be interested to know that the FBI released information indicating that thieves had stolen $215 million over a 14 month period using this exact scam.
Certainly, those businesses that were victims thought it couldn’t happen to them too.
Spyware virus
A man sent an email to his ex-girlfriend hoping to monitor what she did on her computer. She opened the email on her work computer, and over the course of two weeks, the spyware emailed the man more than 1,000 screenshots of confidential data on 150 customers.
The business incurred notification and credit monitoring expenses for the affected customers.
Dumpster diving
A woman looking for coupons in a large recycling bin found records containing social security numbers and medical histories. The papers came from a local medical office, and included details about more than sixty patients, including drugs they were taking, and whether they were seeing a psychiatrist.
The papers were tossed by an employee with an otherwise long and stellar service record. The incident constituted a breach of HIPPA , and resulted in governmental fines against the medical office.
Data theft or cyber extortion
A U.S. based information technology company contracted with an overseas software vendor. The vendor left certain “administrator” defaults on the company’s server and a “hacker for hire” was paid $20,000 to exploit the vulnerability.
The hacker demanded an extortion payment, otherwise he would post records of millions of registered users on a blog available for all to see.
The extortion expenses and payments are expected to exceed $2,000,000.
Curious about what you can do to prevent Cyber Crime?
Why Businesses Need Coverage
The claims examples above only scratch the surface when it comes to the types of claims occurring on a daily basis.
Just consider how many ads you see offering to monitor your credit, protect your identity, and spend millions to restore your good name if stolen.
Unfortunately, we’re in a whole new world where the physical threats we faced years ago from severe weather, highly dangerous products or inherently risky professions such as a neurosurgeon are not the only factors we need to consider.
Historically, the cost of insurance protection generally decreased as your risk of loss diminished. We could all understand this logic, and we could adapt our businesses accordingly.
We could risk manage exposures such as severe weather by selecting higher deductibles, we put quality controls in place to substantially reduce the risk of the products we manufacture causing injury to someone, and we require the best education and put the most advanced technology in the hands of our neurosurgeons to all but eliminate the chances of bad outcomes.
But how do we manage this new cyber & data breach risk?
If our country’s largest, most sophisticated organizations deploying the best cyber security protocols can be breached, how can we assume we’re immune?
If the data and systems of our government, the IRS, CIA and FBI can all be compromised, is it realistic to believe that just because we’re a small business, we’re safe?
Now more than ever, small businesses are standing up and saying ‘we need help.’
And that’s exactly what we provide.
Help in managing the exposures a small business faces so we can reduce the likelihood of a breach, and help in securing the most appropriate Cyber & Data Breach Insurance to respond when the inevitable breach does occur.
There is no standard cyber liability policy
Cyber is a whole new animal.
There is no standard policy, no common forms, no historical trends to analyze.
Each company offering a policy form has developed their own list of coverage options available and exclusions included, which is great for consumers because so many different options exist.
However, it presents a challenge in that no standard cyber policy is available that consumers, Insurance Advisors and even court systems can use as a benchmark.
Cyber insurance is hugely complex, and since each policy is different, only a licensed Insurance Advisor is equipped to assist you in understanding why you need cyber insurance, and then most importantly, helping you develop a specific policy designed to adequately protect your business.
Find out more on how we help small businesses get cyber liability insurance coverage in Ohio?
To learn more about how we can help you, download our Cyber & Data Breach Liability eBook, or if you need to get insurance coverage in place now, simply Request a Proposal and we’ll get to work right away.