This fall, several large U.S. banks found themselves as the targets of a massive cyber attack, crippling their online banking services. Security analysts believe this was the biggest attack of its kind – and it will not be the last. Yet, it is not just big, well-known companies that need to be on alert.
Data breaches happen every day at businesses of all sizes, though most go unreported. Whether your clients are national corporations or local coffee shops, they need proper Cyber liability coverage. To make this product more palatable to your clients, we compiled the following list to help dispel many of the myths surrounding data privacy.
1. Myth: We don’t sell anything over the Internet, so we have no exposure to data breaches.
Truth: Most incidents of data breach involve back-office operations for brick-and-mortar businesses – including lost or stolen laptops, backup tapes and other hardware, paper records and so forth.
2. Myth: Our IT manager says our systems are “bulletproof” so there is no need to worry.
Truth: Data thieves continuously develop new methods of attack. Data perils come from outside the company or from employees, vendors and others with authorized access to part of a network. In fact, data breaches are often an inside job.
3. Myth: There is no damage from data thefts, so there is nothing to worry about.
Truth: Banks and other credit card issuers can seek reimbursement for dealing with fraudulent charges. Individuals at increased risk for subsequent identity theft may also sue. A business can also incur its own costs to notify affected individuals, hire data privacy attorneys and computer forensic firms.
4. Myth: The exposure is already covered in our current insurance program.
Truth: General Liability policies tend to have significant gaps in their coverages for a data breach. The standard ISO form does not typically address allegations that a business failed to protect data from unauthorized access or use.
5. Myth: Coverage for data privacy and security perils is too expensive
Truth: There are good policies that start at $1,500 for a $1 million limit. Coverage highlights include:
A broad definition of Unauthorized Access including network access gained by fraud or deception, lost or stolen hardware or storage media, misuse of access by employees and other authorized users and the theft or loss of paper records.
- No sub-limit for the defense of privacy regulatory actions arising out of an Unauthorized Access.
- First dollar Breach Mitigation expense reimbursement for compliance with security breach notice laws, voluntarily offering credit monitoring and public relations.
- Optional first party coverage for the costs to recover from an Unauthorized Access.
- Optional electronic media liability coverage for the content of the insured’s website.
- Computer forensics and incident response services provided as part of the claims process.