What Every Business Needs to Know about Cybersecurity Insurance

In the aftermath of the Equifax data breach (see our earlier post here), many businesses are scrambling to find out more about their cybersecurity insurance. Do they have enough coverage? What happens in the event of a breach? Investing in appropriate coverage is smart, but it can only mitigate some of the financial risk associated with cyber attacks. For example, there is not much cybersecurity insurance can do about the hit to a company’s reputation after a breach or the associated loss of business. Below are several other facts about cybersecurity that businesses need to know.

Businesses Cannot Insure Against All Risks

Investing in cybersecurity insurance is one way companies can manage their risk. However, there are so many cyber threats that to insure against them all would be cost prohibitive. Instead, businesses should focus on the threats most likely to affect them. They should also take a top-down approach: identify what digital assets are most important and afford them the most protection. From there, businesses can measure the remaining threats and insure accordingly.

Cyber Insurance Has Its Limitations

Like many other types of insurance policies, cyber insurance has exclusions and limitations. As mentioned above, it is not suitable for dealing with damage dealt to a business’ reputation. It is also inadequate for covering the loss of intellectual property. Business owners need to familiarize themselves with their policy’s weaknesses and invest in supplemental insurance if necessary.

The Wording of Cyber Insurance Policies Matters

Some cybersecurity insurance policies include coverage that overlaps with other standard business insurance policies. Businesses need to dig into their policies to make sure they have the coverage they need for the cyber threats most likely to happen to them. Cyber insurance policies should do more than provide financial recompense. After a cyber attack, businesses will need a legal and PR response at the least.

However, sifting through dense insurance policies can be confusing and no business wants to leave itself exposed to cyber threats. The Reilly Company can help business owners identify their specific threats as well as which cyber insurance policy would benefit them most. To learn more about protecting your business from cyber threats, contact us today.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Equifax’s Cyber Insurance Not Enough to Contend with the Breach

As news broke of one of the biggest information hacks in history, Equifax became the new face of insufficient cyber security. The breach now serves as a cautionary tale for businesses everywhere. Most cyber attacks focus on small businesses, as they are often easier to hack into due to deficient cyber security. Larger businesses are harder to penetrate as they can afford to invest in the best cyber security available.

However, as Equifax is learning the hard way, investing in cyber security does not mean businesses do not need cyber liability insurance. Equifax has several insurance policies covering cyber security, general liability, crime, and much more. However, untangling which policy will payout for the hack will take time, and the coverage is likely not going to be enough to account for the expense.

Cyber liability insurance is not the only policy plaguing Equifax. Their property and business interruption insurance is likely inadequate to compensate for the losses they are encountering and will experience in the coming weeks. They are also contending with investigations at the state and federal level as well as a potential multi billion-dollar class action lawsuit.

Understanding the Breach

Hackers were able to achieve such a massive breach by taking advantage of a U.S. website application weakness. Equifax discovered the breach in late July and immediately engaged a cyber security firm to halt the attack. However, the breach began several months prior and accessed up to 143 million individuals’ private information. Equifax also commissioned the firm to discover what data the hackers compromised and how to prevent such an attack in the future. In the meantime, Equifax created a website to allow individuals to determine if the breach included their personal information. Equifax is also offering free credit monitoring for a year.

Risk Retention

In the aftermath of the breach, many are wondering why Equifax’s cyber liability coverage is insufficient. It comes down to risk retention. It is a risk management technique where a company plans to accept certain losses. Some examples include high deductibles or not investing in insurance on purpose. However, Equifax’s situation is more complicated. What insurance policies and how much coverage they choose varies depending on availability, cost, and perceived threats. The attackers struck during a period of insufficient coverage as part of Equifax’s risk retention strategy.

Assessing and Addressing Cybersecurity Risks

Business owners need to evaluate their cyber security situation and manage any gaps in their coverage. Even if a business owner believes their coverage is sufficient, they need to reevaluate their policy from time to time. For example, many business owners believe their business liability insurance protects them in the event of a cyber attack, but this is often not the case. In addition, business owners need to adjust insurance policies as technology changes and businesses grow to ensure they have sufficient coverage.

Understanding Cyber Threats

The latest buzzword related to cybersecurity is breach, but that is not the only type of cyber threat businesses face. Below are some of the most common cyber threats business owners may encounter.

  • Data breach. Data breaches, such as the one Equifax is dealing with, happen after a security measure fails. Hackers access private data such as credit card numbers or social security numbers and use them without permission. Businesses that lose their customers’ data face high penalties, investigations, and more.
  • Hackers use this type of attack to target smaller businesses. They install malware onto a company’s devices and demand payment to remove it.
  • Third party data. This scenario applies whether your business handles a third party’s information or if your business engages a vendor to handle sensitive data. For example, if your business hires another company to safeguard sensitive data, cyber policies will still payout if hackers compromise the company.

The best way for businesses to protect themselves from cyber risks is to discuss their insurance options with an expert. The Reilly Company can help businesses assess and mitigate cyber risks as well as secure the best coverage pricing for policies. No business is impervious to cyber attacks; to learn more about protecting your company from cyber threats, contact us today.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Three Types of Insurance Business Owners May Not Know They Need

Starting a new business is an exciting prospect, but it also requires a lot of hard work. Entrepreneurs have to focus on several elements all at once such as their products, their customers, their insurance, and their bottom line. However, failing to invest in the right kind of business insurance can lead to financial ruin. While most entrepreneurs are familiar with the major forms of business insurance (i.e. general liability, property, etc.), not all businesses conform to traditional coverage needs. Below are examples of three types of business insurance coverage small business owners may not realize is vital to their continued success.

Home Business Insurance

Many individuals operating their business out of their home may assume their homeowner’s insurance covers them in the event of theft or damage related to their home business. Unfortunately, this is not the case. Some homeowner’s policies allow add-on coverage to protect some elements of a home business, but the best solution is to invest in home business insurance coverage. This type of policy covers liability, theft, loss of business equipment, and more.

Business Life Insurance

Many businesses cannot withstand the loss of their leader. This is especially true for small businesses since one individual may perform several major jobs. For example, the COO may also be the primary hiring administrator as well as head of marketing. A company would find it difficult to replace such an individual. Moreover, the time spent finding and training new employees to fill those jobs puts a financial strain on the company. If such an individual were to die without warning, the business itself could collapse. In the event of such an unfortunate incident, business life insurance helps companies stay afloat while they replace the individual.

Cyber Insurance

Almost every company does some business via the internet. While having a presence on the web is often good for business, it also represents a liability. If a business collects credit card information or personal data about its customers, it needs cyber liability insurance. Cyber liability insurance also provides coverage in the event of cyber attacks designed to disable internal networks. On average, cyber attacks cost small businesses $9000 per incident. As a result, companies who fail to invest in cyber insurance can experience financial instability or even bankruptcy.

Neglecting to invest in insurance specific to your business is an unnecessary risk. The Reilly Company can help your business identify risks unique to your industry and suggest preemptive methods to protect against them. Contact us to learn more.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Cyber Insurance Vital to Risk Management

Business owners can handle risk management in a couple of ways. They can reduce their exposure to risk as well as invest in insurance to protect their assets against risk exposure once it occurs. Reducing contact with known risks can reduce insurance rates as well. A company’s best line of defense is to mitigate risk to avoid expensive insurance claims; however, it is unrealistic to assume a claim will never happen.

Failing to invest in insurance is an ill-advised business practice and poor risk management. While many business owners do not intentionally overlook insurance, many are not aware of the coverage they need. For example, many businesses lack the proper coverage for cyber incidents. This is an issue as cyber insurance is necessary to controlling cyber threats. Technology in the workplace will continue to flourish, as will the associated risks. Businesses that collect customer data such as medical records or credit card numbers face a heightened risk of cyber attacks as they possess highly sought after and lucrative information.

Employee Negligence Limits Insurance Protection

More often than most would like to admit, employees fall for cyber tricks that result in a data breech. Some insurance policies only go into effect for unauthorized breeches. If a breech occurs due to employee negligence, the policy may not provide coverage. Smart business owners will train employees to recognize threats and risks as well as how to avoid them. Some examples include:

  • Never leaving laptops open and unattended
  • Creating strong passwords
  • Recognizing phishing email scams

Businesses need to consider all angles of exposure for effective risk management. The Reilly Company can help businesses identify the unique risks to their industry and develop a proactive strategy to defend against them. To learn more, contact us.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Understanding the Most Common Types of Cyber Attacks

There is a growing disconnect between the types of cyber threats business executives think they will encounter and the actual risks their company faces. Business owners hire consultants to install state of the art software to address relatively small problems while leaving larger issues unchecked. Below are some of the most successful types of cyber attacks most companies will encounter at some point.

Socially Engineered Trojans

This is the single most successful type of cyber attack businesses will face. Hackers will manage to gain temporary access to a trusted website. When an employee visits the site, a message will pop up and inform them they have a virus. It will prompt them to install a program to help remove the virus. It will be a fake program imitating an application the employee is familiar with and trusts, such as Adobe Reader. This executes the malware. The employee’s computer will display a warning that the program is potentially harmful. However, most programs, even safe ones, trigger this message so the employee does not pay it any mind. Thus, the hacker now has access.

Phishing Attacks

Most cybersecurity failures are the result of human error. Many individuals think that using a work computer will prevent them from being hacked. They assume the company’s existing firewall and security measures are sufficient. As a result, they drop their guard while checking their work email. Phishing scams have come a long way in recent years, so they are not as obvious as they were in the past. Companies can provide employee training to help their staff understand how to recognize this kind of threat.

Network-Traveling Worms

Individual viruses are not the major threat they used to be. Network-traveling worms, however, are still a nefarious threat. This type of worm is better at hiding itself and harder to detect. Employers should ensure all employee emails block executable files to defeat this type of cyber attack. Instituting strong password policies can help as well. Many worms run programs to try and brute force their way past logins by using common passwords (i.e. 12345, qwerty, password1, etc.).

Businesses need to make sure they are employing the right kind of cyber protection. Many of the above issues are easy to mitigate with the proper cybersecurity and preventative measures. Businesses cannot afford to lose data related to their top dollar projects. To learn more about cybersecurity, contact The Reilly Group.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Can Cybersecurity Protect Your Business Against Attacks?

In the early days of cybersecurity, IT professionals divided businesses into those that have been hacked and those that will be hacked. As technology improves and hackers hone their skills, this outlook has become bleaker. Now, IT security specialists view companies as those who know they have been hacked and those that do not.

While it is unlikely that every business in existence has experienced a data breach, the threat is real. Of the plethora of risks businesses face on a day-to-day basis, cyber incidents represent the third largest of them all. Victims are as varying as their attackers are. Large corporations, small businesses, non-profits, and even government organizations are prone to attacks. These cyber aggressors could be hacktivists for a specific social cause, individual attacks for fiscal gain, and more.

Protecting Against Cyberattacks

The situation is not as dire as many in cybersecurity make it seem. Businesses do not need to revert to non-technological forms of communication and data storage, but they do need to protect themselves. The easiest way to do that is with cybersecurity insurance. Unfortunately, many businesses neglect this type of insurance until it is too late.

The first step to managing cyber risk is acknowledging it requires attention and resources. If a business neglected cybersecurity in the past, they need to make it a priority now. This does not just mean preventing cyberattacks. Businesses also need to have a plan in place in the event of a successful breach.

Common Sense Measures

Beyond investing in cybersecurity insurance, businesses should also make sure they are engaging in best practices. Holding cybersecurity training for employees, discouraging sharing passwords, and changing passwords on a regular basis are simple measures employers can take to reduce the likelihood of a security breach. More often than not, hackers obtain their information from unsuspecting employees. If employees know the signs of a scam or suspicious email, they can take the appropriate steps to contain the threat.

Cybersecurity is a multifaceted issue that can be difficult for businesses to navigate. The Reilly Company can help your business understand what cyber protection policies are available to them as well as what type of coverage best suits their needs. To learn more, contact us.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

The Evolution of Cyber Protection

More than two decades ago, cyber protection started out as errors and omissions insurance (E&O). As the internet changed, E&O policies grew to include damage caused by viruses, unauthorized access of client information, and so on. More often than not, it was tech-based companies purchasing these policies. As network security expanded into privacy space, other industries began looking for standalone cyber policies that provided protection for network security as well as privacy liability.

Modern Cybersecurity Policies

Today’s cyber protection policies encompass a wide range of services. These include:

  • Errors and Omissions: These claims occur due to errors from services. These can be tech-based services, such as software, or professional services, such as legal or medical aid.
  • Media liability: These claims are the result of advertising based injuries such as infringement of intellectual property, copyrights, or trademarks. They can also include libel and slander.
  • Network Security: These claims relate to network security failures. Such failures can cause exposure or destruction of customer data, virus transmission, and more.
  • Privacy: While many think of privacy claims as a breach of sensitive online data, it can include physical data as well. Some examples would be a lost laptop or files accidentally thrown away.

Cybersecurity Insurance Limits

It is not enough to have cybersecurity insurance. Business owners need to understand what their policy covers as well as its limitations. For example, some policies only provide business interruption coverage if an attack affects your network for a set number of hours. Other items most policies do not cover include:

  • The expense required to improve existing systems.
  • Harm to reputation.
  • Loss of future income. For example, sales may be down after an attack because consumers lost trust in a vendor after a cyber security breach.

With technology constantly changing, businesses cannot afford to leave their cyber data unprotected. To learn more about cyber protection policies, contact us.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr