Data Theft

If your business has a website, or even just sends out an email, your data is at risk of theft. If your data is breached, you are legally liable. And if you are sued, you are responsible for legal fees, court-ordered settlements and other court-related fees. You will also be required to notify customers of the breach and pay for credit monitoring services for them. Lastly, you’ll probably have to hire a PR firm to help mitigate the damage to your reputation — if you are still in business. “Most companies don’t feel they are at risk, especially smaller companies,” says Joe Haney, CEO of Sterling Insurance. “But it’s even easier to attack small companies, because they don’t have the level of security that larger companies do. Smaller companies often don’t feel like they are a target, but if you have laptops, if you store customer information, if you accept online payments, if you are connected to the Internet, your business is at risk.”

Although the costs of a breach may not be as large for smaller companies, the impact can be more devastating. Haney cites the example of a small Detroit-area restaurant whose credit card information was compromised. Because federal and state laws require companies to notify those who may have been impacted by a breach, the incident cost the restaurant $50,000 out of pocket, an expense not covered under its general liability insurance.

And as technology continues to evolve, the increasing amount of information stored and transferred electronically will dramatically increase the potential exposure of businesses. To decrease the risk of an outsider accessing your data via a lost or stolen laptop:

  • Let employees know they are responsible for the laptops.
  • Add a company label or engraving to the computer to make it less attractive to thieves.
  • Use encryption software.
  • Install tracking software.

Protecting your data
Although you can’t eliminate your risk of falling victim of cyber theft, there are steps you can take to lessen your risk of someone accessing your data. Implementing internal controls can decrease your exposure. Once you’ve identified your data, determine its location and move it to a more appropriate place, if necessary. Then develop a privacy policy that addresses personally identifiable information, personal health information and customer information. Another way to protect yourself, should a breach occur, is with cyber liability insurance specifically designed to address the risks that come with using modern technology. To get started, contact an agent who has experience with cyber liability, as it is still a relatively new product, and many agents may not understand the intricacies. “An experienced agent can walk you through the process to assess your operation, do a risk audit and determine your needs and exposures,” says Haney. “It’s important to work with a broker who can identify your areas of risk so a policy can be tailored to fit your unique needs.”

Cyber liability coverage
There are two types of cyber liability coverage — first party and third party. First-party coverage includes cyber expense reimbursement, security breach notification and remediation expenses, crisis management services, business interruption and extra expense, and extortion. Extortion — in which hackers hijack and ransom a web site or network, denying access to you or your customers and resulting in loss of revenue, paying the hacker’s demands and rebuilding after the damage is done — may sound extreme, but Haney says such attacks are not uncommon and are nearly impossible to trace.

Third-party coverage includes communications and media liability coverage, network and information security liability coverage and technology errors and omissions liability coverage.

Business owners often think it won’t happen to them, but if a breach does occur, cyber liability insurance could mean the difference between recovering and going out of business.

“You can’t afford not to have it in today’s world,” says Haney. “If you have employees who touch customer information, if you are connected to the Internet, your exposure is great. And the cost of cyber liability insurance isn’t that much compared with what it could cost you not to have it.”

For more information, contact Joe Haney at