Cyber Threats to Your Business and the 3 C’s
In the very near future, cyber security exercises are going to be absolutely expected of all companies by regulators. – Michael Vatis
Maybe you run a web design business that’s basically just an extension of your personal freelance practice. Or perhaps you’re at the helm of a larger company with 50+ employees and hundreds of customers.
In either case, you recognize the lurking dangers of cyber security threats.
To clarify your risks-and potential solutions-this article will explain three concepts (the 3 C’s): cyber security; cyber liability; and cyber insurance coverage. Read on for insight about your exposure and what to do about it.
1. Cyber Security
Cyber security has to do with actions you take to shield your business from disaster. Analogous to a construction site hardhat, these are the physical and software protections for your company’s IT system.
Online dangers are diverse and often unexpected. They can include:
- A virus compromises your data or hacks your system;
- Someone overseas takes down your business using malware;
- A disgruntled employee breaks into your company’s computers and steals credit card information.
2. Cyber Liability
Cyber liability has to do with where things can go wrong. What are your vulnerabilities? What losses are at stake? These include:
- First party damages. Your own data is compromised, or your system gets destroyed, and you need to replace data or technology. For instance, you download malware, which makes your computer unusable. Now you need to buy a new Mac for $3,000.
- Third party damages. If you lose customer data-such as Social Security numbers, HIPAA information or credit card numbers-it’s up to you to fix the problem. You might need to:
- Replace or repair third party computers.
- Re-compile and replicate data.
- Business interruption. If you get hacked or breached, your company may need to go offline for days to clean up the mess. That lost productivity can add up to major losses.
- Notification expenses. In most states, you need to notify third parties if you suspect that you have been hacked or breached. This can get costly if you have a large number of customers. You may also need to provide them with ongoing identity theft protection for a certain amount of time. Almost all states (47 out of 50) have statutes that require this notification.
- Regulatory fines. State and federal laws require your business to protect data. If you fail to do so, you can be fined.
- Class action lawsuits. If you run a larger business, and there is a major data breach, your company can become the target of a class action. One of the most famous examples is the Target data breach of 2013.
3. Cyber Insurance Coverage
To mitigate risk, you can simply transfer cyber liabilities to an insurance carrier for a premium. If/when an event occurs, the insurer will help you pay for diverse expenses (discussed above).
The carrier can also connect you with third parties to mitigate the fallout-for instance, PR firms to deal with bad press, forensics companies to recover data, etc. Cyber insurance can help you during the “pre-loss” phase as well-to get the right IT structures in place to minimize risk.
Understanding Your Vulnerabilities
Almost every company has exposure. The reason why bad people seek this information is that it has value on the so-called Dark Web. You obviously do not want your information (or your employees’ information or your clients’) to wind up on the Dark Web. Here’s what’s at risk:
1. Personally Identifiable Information (PII), such as Social Security numbers and driver’s license numbers.
2. Protected Health Information (PHI), such as HIPAA data.
3. Payment Card Information (PCI), such as credit card numbers.
Your Next Steps
Acquiring proper coverage is relatively easy to obtain. Your costs will depend on several factors, such as:
- The size of your business;
- The nature of your exposure;
- Whether you’ve been breached or hacked in the past;
- The type of work you do;
- The number of clients you have.
If you face exposure, schedule time to speak with one of the cyber specialists at Lyons Companies or a qualified agent as soon as possible to understand your risks and reclaim peace of mind.
ABOUT THE AUTHOR
Mark Hoffmann is Commercial Lines Marketing Manager and Senior Account Executive at Lyons Companies. He specializes in analysis and development of insurance and risk management programs for new clients. In addition to directing commercial strategy and carrier relationships, Mark is responsible for the design and implementation of risk management programs. He has spent over 25 years in the insurance industry working for regional and national brokers. Areas of expertise include: construction and real estate, public entities, professional service firms, and manufacturing. Mark is a graduate of Penn State University.