It was reported recently that a majority of technology companies have experienced data breaches and other cyber incidents, yet only one in 10 has cyber liability insurance. That revelation came from the Stratton Agency, Risk and Insurance Specialists, in a report issued last month. James Marek, co-owner of the Stratton Agency, which is based in San Carlos, California, made this observation:
Ironically, technology companies are among the companies most vulnerable to cyber-attacks. Even when tech companies are well protected, hackers can often find a way in. LinkedIn, Yahoo!, DropBox and eHarmony are just a few of the companies hit by attacks that exposed private information from millions of user accounts.
Cyber-attacks are increasingly common, with 46 percent of all companies experiencing a data breach each year. Cyber incidents may also include contamination from viruses or malware, theft of laptops or mobile devices, denial of service attacks, insider abuse and negligence. While larger companies make the news, small companies are especially vulnerable, according to Marek, because it’s assumed that it is easier to breach their security systems. Analysts estimate that damages from the average data breach exceed $5 million, but costs can run much higher. The U.S. government recently indicted a group of hackers who netted hundreds of millions of dollars by hacking personal information from several companies.
Since it appears even the best security systems can be hacked, companies need cyber liability insurance in addition to tight security to protect themselves from losses that can reach catastrophic levels. For comprehensive cyber liability coverage, it’s recommended by the Stratton Agency that tech companies need to add cyber liability coverage to both their general liability (GL) and their errors & omissions (E&O) policies. With cyber liability coverage added, the agency says a GL policy should cover:
• Data breach services, including consulting, fraud alert and identity restoration.
• Data breach expenses, including cost of notification, forensic analysis and proactive monitoring services.
• Legal services, public relations, data breach ransom and more.
Cyber liability coverage on an E&O policy should include protection for:
• Transmission of a computer virus.
• Failure to protect a third party’s data or information, including unauthorized access, use or theft.
• Inability of an authorized party to gain access to products and services.
• Coverage for media and content infringement, including software and computer code.
• Security breach event notification and management expenses.
Cyber liability coverage varies significantly among carriers. Premiums vary greatly, based on factors such as company size and the level of risk, but the cost for a small company can be as low as a few thousand dollars. Companies can reduce their premiums by adopting strong security measures, according to Marek. A logical place to begin is with strong password protection. Passwords should be encrypted and should change regularly.
It is recommended that companies should also conduct regularly scheduled risk audits to identify areas of vulnerability. Firewalls, anti-virus and anti-malware software, and virtual private networks should be used and updated frequently. Since hackers look for the weakest link, make certain that all electronic devices, including mobile devices, are secure. A written IT security policy should define individual responsibilities, and a plan should be in place for reacting if and when a cyber-attack takes place. The policy should cover all aspects of IT, including social media. Security policies should be strictly enforced and all employees should be trained to understand them.
Source: Claims Journal
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.