Your day started great -- until you found out about the overnight data breach at your business. Some hacker broke into your server and stole thousands of credit card numbers from your customers in addition to confidential company data. What now?
If you and other company leaders have planned ahead, you have cyber liability and data breach coverage as part of your business insurance package. If not, you'll face weeks, if not months, of contacting customers and doing damage control.
Most companies notify vendors and customers through public announcements and emails and offer to purchase identity protection for those affected by the breach. Businesses also must respond to inquiries about the incident -- often hundreds a day. On top of the time spent addressing the crisis, the PR hit alone can be devastating to a company and its leaders.
Consider what happened at Target after it announced a data breach last December. The company's profit dropped more than 40% in its fourth quarter, which ran through January. It still faces litigation from the incident.
Chances are your company is much smaller than Target, and your data breach won't be as widespread. But the Target example is far from a single example. In 2012 alone, 267 million records were exposed, according to business information services company Experian (Tweet This!). Are you willing to risk it?
Know your general business liability coverage
Many entrepreneurs believe they have coverage through their general business liability policy. This typically protects against injuries on your premises or suffered because of your product and against advertising injury -- trademark or copyright infringement, an invasion of privacy, libel, and slander.
Some general business liability policies include cyber liability and data breach coverage, but most do not. Ask your agent whether your package has those protections. But don't stop there -- have the agent explain what's entailed in any protection you have. Many carriers sell cyber liability and data breach coverage as an optional add-on to policies (Tweet This!).
What cyber insurance does
Cyber liability insurance is a broad term covering a number of options offered by providers. While no two products are identical, there are some protections you should look for in a policy:
- First-party coverage: This protection insures your company for losses it suffers because of the cyber attack or data breach. This includes coverage for theft and fraud because of the incident. It also typically covers business interruption -- reimbursing your company for lost income if you can't continue regular operations because of the event.
- Third-party coverage: This covers you for losses suffered by third parties -- clients and customers. Among problems it addresses are the costs of lawsuits, settlements or judgments. It also can help pay the costs of credit or fraud monitoring, and it can offset the costs to notify customers and employees and others affected by the cyber attack or data breach.
How much does it cost? It depends on what your company does and how much risk is associated with it, and it is affected, of course, by how much coverage you want. Talk with your agent about your options.
How you can help yourself
Regardless of how much coverage you buy, you also should take steps to avoid cyber attacks. One of the most critical is to adopt stronger passwords, encrypt them (your IT pros will understand this even if you don't), and change them often.
You also should develop a written IT security policy that addresses account management and the physical security of your equipment. Hold regular audits to find vulnerabilities in your software and hardware. Include your network security software in this audit.
Still think it won't happen?
Despite the risks posed by data breaches, you trust your Internet technology team and its safety measures. It's great to have confidence in your associates, but know this: The leading cause of data breaches is negligent employees, according to a 2011 study by Symantec Corp., a computer security company, and Ponemon Institute (Tweet This!).
Note the word "negligent." On its face, that term poses huge liability risks for you as an employer and business owner. Make sure you're prepared if your company suffers a breach.
(Image via freedigitalphotos.net)