The risks involved in corporate system and data breaches are numerous and costly, but new data is surfacing that is worth reporting on.
According to recent survey conducted by the Symantic Corp. and the Ponemon Institute, the average organizational cost of a data breach in 2010 was $7.2 million! You may think, well, that's just for large companies and you would be correct; but what they also reported was that the average cost per compromised record averaged $214!
If you're a small business and have about 5,000 customers in your database that's just over $1 million in expenses just to comply with state and federal laws and doesn't even begin to measure the costs associated with damage to your reputation or brand. That's a million dollars in costs that aren't likely covered by your business owner's insurance policy, general liability, or umbrella liability coverage.
If your company operates on the web this is only one exposure you face, and when I say "operate on the web" I don't mean being a technology company. Brick and mortar retailers, wholesalers, service companies, and manufacturers all may "operate on the web" if they have any sort of customer interface over the internet. If you exchange personal information of customers, take orders, or conduct commerce over the web you likely have this exposure. If you maintain databases of customers on a computer, server, or cloud (and who doesn't today) you also are exposed to hackers and unintentional leaks of data.
Firewalls, anti-virus software, and security technology are all good risk management tools, for operating on the web at any level, but so is proper risk transfer (insurance).
The majority of standard business owner's policies and package policies do not address the various exposures that the internet presents to any business operating on the web. Those policy forms were written in the "pre-internet" age and don't even contemplate the various exposures you have on the net. But, specialized forms are now available that specifically address these exposures on a portfolio basis - meaning that different coverage parts can be added, subtracted or customized to your specific needs. The best news is that "Cyber-Liability" policies as they are called, are not that expensive, compared to the relatively high cost, and high probability of loss that exists. Many experts today say it's not "IF" you'll experience a cyber liability claim, but "WHEN"!
With that thought in mind, let's think about the other insurance policies most business owners have - property insurance to protect their building and contents from a fire or theft, or other covered peril; general liability insurance to protect them from lawsuits for bodily injury or property damage; workers compensation as mandated by most state laws; auto insurance for their fleet of vehicles; and excess liability coverage, sometimes called an umbrella to provide "extra" liability coverage over their primary general and auto liability policies. How many fires does a business owner experience in their lifetime? How about liability claims for slip and falls?
I'm not saying that a business owner shouldn't protect these exposures; it's just a "given" that we must have these policies - it just makes sense to transfer the risk of a potential adverse financial loss (claim) to an insurance company. So if it's likely that your company WILL experience a data breach at some point in the future, doesn't it make sense to also transfer that risk to an insurance company? Especially since we know the likelihood of it happening and the costs associated with it?
I will cover the various coverage parts of the Cyber Liability policy forms in the next several posts for a better understanding of what's involved in this unique and need coverage form.
For more information related to Cyber coverage, Technology insurance, or general business insurance, please do contact us!