With every 2 in 3 businesses saying they have been the target of a ransomware attack it is more important than ever to have insurance protection against these growing cyber threats.
Cyber liability insurance – also known as cyber security insurance or cyber risk insurance -- protects a business from the cost of threats to computer systems and data.
“Cyber liability exposures represent an emerging threat to business today,” Bryan Smith, vice president of product management at The Hartford, told Forbes in September 2021. “Threat actors continue to develop increasingly sophisticated ways to access business systems and networks leading to the potential loss or destruction of confidential business and customer information.”
Daily headlines show that these cyber-attacks, especially ransomware attacks, are on the rise around the world.
“It’s no secret that ransomware has reached near-epic proportions. We are hearing about ransomware attacks left and right – and those are just the ones we hear about,” wrote Derek Manky in SecurityWeek on Dec. 15, 2021. “For every attack that makes the headlines, there are many more that don’t. In fact, a recent survey by Fortinet found that more than two-thirds of organizations say they’ve been the target of at least one ransomware attack.”
Recent Cyber Attacks Highlight Risks for Businesses
Forbes says cyber attacks on your business can come in different ways, including:
- Data breaches. Breaches occur when critical information is stolen such as personal financial information.
- Computer attacks. In this kind of cyber-attack, your computer system is hacked and compromised.
- Cyber extortion. Thieves may demand ransom payments during an extortion threat to your company’s computer system.
While high-profile ransomware attacks, such as the Colonial Pipeline attack or JBS Foods breaches in 2021, grab most of the publicity, cyber-attacks are occurring each day to businesses of all shapes and sizes.
Scanning SecurityWeek cyber threat reports from just the past 10 days finds the following:
- Recent security The Associated Press reported Dec. 17, 2021, that an “information technology system security breach detected late last month prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation.”
- SecurityWeek reported Dec. 16, 2021, that North American propane distributor Superior Plus announced that it had to shut down certain computer systems after falling victim to a ransomware attack.
- HR management platform Ultimate Kronos Group (UKG) on Dec. 14, 2021, started notifying customers that it fell victim to a ransomware attack that took down multiple applications over the weekend.
- The Associated Press reported Dec. 14, 2021, that “the information technology agency that serves Virginia’s legislature has been hit by a ransomware attack that has substantially affected its operations, state officials said Monday.”
- The FBI issued a warning over Cuba ransomware attacks targeting critical infrastructure. As of November 2021, the gang behind Cuba ransomware managed to compromise at least 49 entities in the government, healthcare, financial, information technology, and manufacturing sectors To date, the cybercriminals behind this operation have demanded at least $74 million in ransom and might have received over $43.9 million in payments from their victims, the FBI says.
Types of Cyber Liability Insurance
Cyber liability insurance covers the damage that your business suffers because of a cyber security breach including the following costs:
- Investigative services into the security breach
- Data recovery following the breach
- Identity recovery needed to regain control of identity information after a breach
Forbes also says that “cyber liability insurance also covers damage impacting your customers or business partners because of the cyber-attack. These damages include things like legal fees, customer notifications and settlement costs.”
What else can cyber liability insurance cover? Forbes says some policies will cover:
- Ransom payments you have to make to get back your data access
- Customer and employee lawsuits due to privacy breaches
- Lost income because of network outages
- Regulatory fines
The Risks of Not Insuring Against Cyber Threats
The Insurance Information Institute says that insurance experts now consider the risk of cyber liability losses to exceed the risk of fraud or theft.
“The risks of cyber liability are evolving rapidly, with new risks emerging as technology advances and new regulations are put in place,” writes the Insurance Information Institute. “In this tumultuous environment, your business can take several steps to limit risks, including purchasing cyber liability insurance.”
The Insurance Information Institute says if your business is hacked, your company may be exposed to the following risks:
- Liability: You may be liable for costs incurred by customers and other third parties as a result of a cyber-attack or other IT-related incident.
- System recovery: Repairing or replacing computer systems or lost data can result in significant costs. In addition, your company may not be able to remain operational while your system is down, resulting in further losses.
- Notification expenses: In several states, if your business stores customer data, you’re required to notify customers if a data breach has occurred or is even just suspected. This can be quite costly, especially if you have a large number of customers.
- Regulatory fines: Several federal and state regulations require businesses and organizations to protect consumer data. If a data breach results from your business’s failure to meet compliance requirements, you may incur substantial fines.
- Class action lawsuits: Large-scale data breaches have led to class action lawsuits filed on behalf of customers whose data and privacy were compromised.
Keep in mind that some boilerplate business insurance policies may provide coverage for certain types of cyber incidents.
For example, if you lose electronic data as a result of a computer virus or hardware failure, your insurance may pay recovery or replacement costs.
To extend coverage for a fuller range of cyber liability risks, however, your business will need to purchase a stand-alone cyber liability policy which can cover:
- Loss or corruption of data
- Business interruption
- Multiple types of liability
- Identity theft
- Cyber extortion
- Reputation recovery
Contact the trusted Dean & Draper insurance advisors today to find out which cyber liability insurance can provide your business with the best terms and coverage.
Dean & Draper is a Trusted Choice insurance agency representing over 200 insurance companies. For over 36 years we have offered a trusted freedom of choice to our clients. ContactUs.
The recommendation(s), advice and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential or exception to good practice. Dean & Draper Insurance Agency specifically disclaims any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with Dean & Draper Insurance Agency. By providing this information to you, Dean & Draper Insurance Agency does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.
©2021 Dean & Draper Insurance Agency All Rights Reserved.