Should Your Insurance Company Offer Cyber Protection?

Cyber ​​security has become a growing concern for US businesses over the past couple of years, and rightly so. Information breaches have not only become more and more common, but also much more important. Nothing illustrates the state of modern web security as well as the most recent breach, which saw hackers target the IRS by exploiting flawed security to compromise more than 100,000 taxpayer records.

Similar breaches have affected much smaller businesses as well, and it’s common to see a forward-thinking insurance company rushing to adapt. Here’s what you need to know to determine whether, first, you really need cyber insurance, and second, what to look for in a policy.

Are you at risk?

If you are working with customer information of any kind, the answer is probably yes. The term to look for here is Personally Identifiable Information or PII. It’s not a technical term, but rather a legal term that has teeth if you need to deal with it.

At its core, PII is any piece of information collected that could potentially allow a third party to identify individual customers of a business. Given the internet’s ability to mine even tiny clues to locate a person, this definition is complete. Full names, email addresses, site nicknames, and (sometimes) even web cookies can all qualify as PII.

If you store something that falls under the PII umbrella, you risk a violation. Breaches are extremely costly, both to the affected customers and to the company responsible for the loss. Companies in the healthcare and retail sectors are clearly at increased risk. Yet, at the end of the day, any business that makes a habit of collecting information should ask their insurance company about cyber policies.


What your cyber policy needs

There are a few things you will need to look for in any cyber insurance policy. As you might expect, a good policy should cover financial damage directly caused by a breach. However, cyber attacks can cause financial damage in different ways. In particular, make sure your business is protected against:

  • Losses caused by lost time and productivity. A major hack can cause company gears to grind to a halt. Find an insurance company that guarantees coverage for the revenue lost during this period.
  • Indemnification caused by a third party. Few modern companies handle their data on their own. Outsourced IT support or other companies can fall victim to a breach that affects your customers.
  • Loss of Reputation. Breached companies, even those that have done their due diligence, almost always take a PR hit in the wake of an attack. A good policy offers some cushioning against the customer losses that generally ensue.

Finally, also do your best to work with an insurance company that has an educational component. Some plans will also be accompanied by training to avoid a breach. As nice as the protection is, it’s safe to say it’s best to leave it unused. Installing a set of best practices can save you from having to rely on a safety net in the first place.

Article Source: