Understanding and Managing Cyber Risk
The internet provides great opportunities and increased capacity for businesses that use it to market and provide products and services to their customers. With it comes the risk of criminal intrusions, theft and computer system vulnerabilities that can result in significant financial loss to businesses and their customers.
Most recently, the Home Depot intrusion and breach exposed 56 million customers’ credit card information. The Target intrusion and breach exposed over 40 million customer credit cards. The recent Federal government intrusion and breach exposed personal key data of more than 20 million Americans.
These successful intrusions into large companies and the Federal government were widely publicized in newspapers and over the airwaves. However, according to a study done by Verizon and Symantec in 2012, one in three such intrusions or breach incidents was made into businesses with fewer than 250 employees. Included with this article are additional examples of claim scenarios that were published by Philadelphia Insurance Companies, one of the leading providers of Cyber Security Liability insurance programs. These examples clearly show that we all are at risk.
To help mitigate exposure, many insurance companies are now offering insurance products for Cyber Risk. However, there is no standardized policy form, and each insurance company’s policies are different. Close review of the policy language is essential to determine if the policy truly meets your needs.
Insurance companies that are very experienced in providing comprehensive coverage will ask the following key questions as part of their coverage application process:
• What is your business and operations?
• Have you had a cyber compromise incident and what was your corrective action?
• Do you have firewalls and encryption protocols on your computer systems?
• Have you had a cyber audit within the last 12 months and what was the result and mitigation implemented?
• Do you have IT security policies and procedures both internal and external to your operation and what is the extent of those policies and procedures?
• Are system backup and recovery procedures tested annually?
• Do you have a written IT business continuity/disaster plan?
• Do you review, evaluate and re-implement your continuity/disaster plan annually?
Cyber Risk Insurance Recommendations
Key Insurance Coverage to consider:
First Party Protection: YOU
• Loss of digital assets
• Business income and extra expense due to an intrusion and/or denial of service caused by the intrusion
• Cyber extortion threat
• Security event/incident costs
Third Party Protections
• Network Security & Privacy Liability Coverage
• Employee Privacy Liability Coverage
• Electronic Media Liability Coverage
• Cyber Terrorism Coverage
• World Wide Coverage
Managing Cyber Risk
• Decide whether to have an IT specialty staff either on-site or outsourced that has the expertise and experience in security protocols, as well as policies and procedures that are ahead of the curve. Evaluate and implement.
• Retain legal counsel to review outsourcing contracts and applicable laws pertaining to cyber issues, and to review your internal and external policies and procedures applying to your computer and network systems.
• Develop, implement, and maintain plans.
• Retain an Insurance Broker with expertise and experience in cyber insurance and risk management planning.
When we all leave our offices at night we make sure the windows and doors are locked. The coffee pot is off and the burglar alarm is set. Let us all make as sure as possible that our cyber door is equally protected.