Does my company need cyber insurance?

Q:

Does my company need cyber insurance?

A:

This is a particularly relevant topic given the recent cyber attacks and threats discussed heavily in the media (like the one involving Equifax). But what about the average business? What kind of cyber risks do they face?

Cyber risk is roughly defined as any risk of financial loss, disruption, or damage to an organization's reputation due to a failure in its IT systems.

These days, most businesses, whether they know it or not, are collecting troves of customer data. This data is invaluable and informs business decisions in both product development and sales and marketing. However, any business that collects personal data has the responsibility to protect it. If you fail to take reasonable steps to protect your customer data, you may be held liable for what happens to it.

The kicker is that this data is more vulnerable than you think. Customer data and even your company's own proprietary information can be leaked through the improper disposal of documents or office equipment, stolen devices, or even by accidentally emailing the information to the wrong person. Fortunately, most of these breaches are opportunistic in nature. Unfortunately, there is an increasing number of data breaches targeting small businesses.

To protect itself, your business should institute prevention measures and purchase cyber insurance.

Information security and procedures should be part of your staff's standard training. Many attacks these days involve social engineering, which simply means tricking staff members into giving up private information. Proper training will help your employees identify suspicious requests for information and know how to respond when they're unsure about an e-mail or phone call they receive. There should also be procedures in place for the disposal of documents or office equipment. Electronic devices like desktops or storage devices should be encrypted in case they are lost or stolen.

When a breach occurs, there should also be procedures, likely created by your IT department, for how to recover and minimize damage. Having firewalls and other security systems in place will help, and so will maintaining backups of important information.

Despite your best efforts, a sufficiently determined attacker will still be able to gain access to your systems. When this happens, it is best to have cyber insurance in place to help your business recover.

This type of insurance is still in its early stages and there are no standard forms available, but most cyber insurance policies provide coverage for privacy breach expenses, business interruption coverage, and legal expenses.

(See Cyber Liability Insurance: Is Your Business Covered? to learn more.)

Written by Jacques Wong
Jacques grew up around the insurance industry and began actively participating in 2013. Since then, he has gotten a Level 2 license, won an Insurance Council of BC award in 2015 for academic excellence in the insurance licensing courses, and now educates insurance professionals through PNC Learning.