It's a nightmare scenario few small businesses consider: hackers breach your computer system, steal your customer lists and threaten to exploit sensitive data. Data breaches by malicious individuals don't just pose a financial risk. They threaten your reputation and can trigger litigation if your customers blame you for the exposure of their data.
So far, many of the victims of these high-profile attacks have been large corporations. A poster child for this is the massive 2017 cyber breach of the credit reporting agency Equifax, which affected more than 143 million Americans. Equifax's financial loss was estimated at $125 million, equal to more than a quarter of its net income during 2016. Equifax also reportedly faces more than 50 class-action lawsuits, which may also be covered by the company's insurers.
Here are some things to consider regarding the management of your cyber risk with potential insurance coverage:
- Do you have coverage? Your insurance policy may already cover some of the risks of cyber attacks. A good place to start is to review your policy and understand what is covered, if anything. Also spend time evaluating your potential risk to determine how it correlates to your insurance coverage.
- Comprehensive or partial? Depending upon how you assess your risk, you may consider either comprehensive cyber insurance or partial coverage in the form of a rider or endorsement on an existing policy. Talk to your current insurance firm to determine your alternatives. Because cyber insurance is still a new service, your provider's options may be limited. The cyber insurance market is currently dominated by four major insurers that offer comprehensive insurance, according to Business Insurance magazine: American International Group, Beazley, Chubb and Zurich Insurance Group. Partial coverage may include riders covering errors and omissions, and the cost of business interruption caused by cyber attacks.
- Unique elements of a cyber insurance policy. Most comprehensive cyber insurance policies cover breach-response and forensic costs. This covers the cost of finding the cause of a data breach, fixing it and limiting the damage. Comprehensive policies should provide liability coverage in case you are sued by customers as a result of their data being exposed during the attack.
- Know the exclusions. Some cyber insurance policies do not cover breaches caused by infrastructure failure, or attacks by state-sanctioned hackers, according to ThinkAdvisor. In recent years, many high-profile cyber attacks have been attributed to hackers affiliated with the Russian and Chinese governments, so know how your policy covers this situation.