By Anne Dee, CPCU, Executive Vice President at HUB International New England and Tim Francis, Enterprise Cyber Lead, Travelers
One of the largest data breaches in history occurred at eBay during late February and early March of 2014, potentially exposing the personal financial information of 145 million shopper accounts. As this event demonstrates, your business is vulnerable to data breaches, even if you follow strict data security protocols. The following article, co-authored by Travelers and HUB International, underscores the need for cyber insurance.
Cyber sales are a critical and growing source of annual revenue for many businesses. With every "click" of the purchase button, shoppers put themselves at risk of having their personal information stolen - a risk that is typically absorbed by the businesses from which they are buying.
To protect a business against cybercrime, it is essential to take a proactive approach and have the right kind of insurance coverage. Every business has its own unique needs and risks, but there are some general guidelines outlined below that can help manage that risk and protect the business both in-store and online:
Identify the critical information a business has, needs and stores.
Analyze the threat to that critical information. Questions to ask include:
- Does your business have an online sales component? If so, are you protected against the increasing threat of cyber risks?
- Is sensitive customer information stored on site?
- Do you have adequate protection if your site or online sales tools are compromised?
Evaluate the vulnerabilities to your business that would allow a cyber-attack on that data, and assess the impact of the attack.
Develop countermeasures to prevent and mitigate damage in the event of a cyber-attack by having sound response strategies in place. Such measures include:
- Evaluating the security settings on software, browser and email programs.
- Using one computer for online banking needs and employing SecurID protection.
- Monitoring use of mobile devices and public WiFi access for employees.
- Storing critical information on a remote server.
Develop the plan, implement it and communicate it to leadership and employees so they understand their roles and responsibilities. Test the plan periodically and revise as necessary.
While it is important to develop and implement safeguards against cyber criminals, these plans are most effective when combined with the proper insurance coverage designed to address cyber risks. Coverage typically includes liability protection for when customers or others who have been affected hold a company responsible for information stolen during data breaches or other network intrusions. A cyber policy also can include coverage for forensic investigation, litigation and remediation expenses associated with the breach as well as regulatory defense coverage, crisis management or public relations expenses, business interruption and cyber extortion.
Cyber risk is a very real issue that can impact a business and have lingering effects on its ability to operate. Taking the proper risk management steps, as well as obtaining the right insurance coverage, will help ensure that the business' bottom line is protected.