How to Shut the Door on Cyber Liability Risk

When a cyber security breach occurs at a company, it is almost always the result of negligent behavior. However, this behavior is not always malicious or even on purpose. Often times, employees lack the necessary training and understanding of cyber security best practices. Below are several methods businesses can use to reduce their cyber liability risk.

Training and Retraining

Employees are prone to human error, but this does not mean businesses have no means to temper it. By holding onboard training and regular training for the tenure of their employment, businesses can improve their employees’ cyber security expertise. Many businesses believe onboard cyber security training is enough, but the evidence proves otherwise. Skills become rusty without use so it behooves businesses to ensure their employees retrain to retain their cyber security knowledge. This does not mean holding one annual training. It means conducting cyber drills and training on a regular basis—at least quarterly—to keep employees on the top of their cyber security game.

Establish a Baseline and Improve

Businesses often promote employees because they are good at their current job—not because they will do well in the next tier of responsibility. This results in promoting individuals to the point of incompetence, which is known as the Peter Principle. When this happens in departments dealing with cyber security or sensitive data, the potential for a cyber catastrophe skyrockets. Combating this problem can present uncomfortable challenges, but it is a crucial step to reducing cyber liability.

This does not necessarily mean demoting or replacing certain staff. Instead, businesses can schedule immediate training and certification courses to get their employees up to speed. While staff may balk at the notion, it is important to note no individual will place their trust in an unqualified professional. Just as individuals will not hire lawyers without a valid license to practice, they will not want to work with a business that employs uncertified cyber security specialists. Even if employees do not work in cyber security, it benefits a business to ensure they have all certifications relevant to their position.

Cybersecurity Insurance

Reducing the human error factor goes a long way toward eliminating cyber risks. However, with ever-increasing security technology comes bigger cyber threats and attacks. It is not always possible to prevent a breach from happening despite a business’ best efforts. That is why investing in cyber liability insurance is crucial. In the event that proactive cyber security measures fail, insurance can pick up the slack and save a business from financial ruin. The Reilly Group is committed to helping businesses assess their cyber risk and determine which policy best suits their needs. To discuss your cyber risk and coverage options, contact us today.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Reducing Risk Exposure to Employment Practices Liability Suits

Employers can invest in employment practices liability insurance (EPLI) to ensure they have adequate coverage in the event of a claim relating to discrimination, wrongful termination, failure to promote, harassment, and more. Most large businesses have adequate EPLI coverage, but small businesses and startups may be vulnerable to discrimination claims. Thankfully, there are several ways businesses can reduce their employment practices liability risk.

Top 5 Tips to Address Employment Practices Liability Risk

  1. When posting job opportunities, include clear descriptions defining duties and expectations. Be sure applications do not include any potential discrimination triggers such as asking what year the applicant graduated from college. This can result in age-related discrimination lawsuits.
  2. Conduct background checks and screen applicants to weed out unsuitable candidates before interviewing them in person. EPLI risk starts from the moment an employer interviews a job candidate. If a business opts not to hire someone they interviewed, that individual can claim discrimination.
  3. Write an employee handbook providing clear policies and procedures for attendance, discipline, and termination. The handbook should also include an equal employment opportunity statement.
  4. Perform in depth performance evaluations for all employees and keep detailed records of the results. This can provide protection if an employee alleges wrongful termination.
  5. Discuss your risk and EPLI coverage needs with an insurance agent.

A number of factors affect how much EPLI coverage a business needs: how many individuals the business employs, any previous discrimination lawsuits, employee turnover rates, and more. The Reilly Company can help your business determine your risk level and how much EPLI coverage you need. To learn more, contact us today.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Equifax’s Cyber Insurance Not Enough to Contend with the Breach

As news broke of one of the biggest information hacks in history, Equifax became the new face of insufficient cyber security. The breach now serves as a cautionary tale for businesses everywhere. Most cyber attacks focus on small businesses, as they are often easier to hack into due to deficient cyber security. Larger businesses are harder to penetrate as they can afford to invest in the best cyber security available.

However, as Equifax is learning the hard way, investing in cyber security does not mean businesses do not need cyber liability insurance. Equifax has several insurance policies covering cyber security, general liability, crime, and much more. However, untangling which policy will payout for the hack will take time, and the coverage is likely not going to be enough to account for the expense.

Cyber liability insurance is not the only policy plaguing Equifax. Their property and business interruption insurance is likely inadequate to compensate for the losses they are encountering and will experience in the coming weeks. They are also contending with investigations at the state and federal level as well as a potential multi billion-dollar class action lawsuit.

Understanding the Breach

Hackers were able to achieve such a massive breach by taking advantage of a U.S. website application weakness. Equifax discovered the breach in late July and immediately engaged a cyber security firm to halt the attack. However, the breach began several months prior and accessed up to 143 million individuals’ private information. Equifax also commissioned the firm to discover what data the hackers compromised and how to prevent such an attack in the future. In the meantime, Equifax created a website to allow individuals to determine if the breach included their personal information. Equifax is also offering free credit monitoring for a year.

Risk Retention

In the aftermath of the breach, many are wondering why Equifax’s cyber liability coverage is insufficient. It comes down to risk retention. It is a risk management technique where a company plans to accept certain losses. Some examples include high deductibles or not investing in insurance on purpose. However, Equifax’s situation is more complicated. What insurance policies and how much coverage they choose varies depending on availability, cost, and perceived threats. The attackers struck during a period of insufficient coverage as part of Equifax’s risk retention strategy.

Assessing and Addressing Cybersecurity Risks

Business owners need to evaluate their cyber security situation and manage any gaps in their coverage. Even if a business owner believes their coverage is sufficient, they need to reevaluate their policy from time to time. For example, many business owners believe their business liability insurance protects them in the event of a cyber attack, but this is often not the case. In addition, business owners need to adjust insurance policies as technology changes and businesses grow to ensure they have sufficient coverage.

Understanding Cyber Threats

The latest buzzword related to cybersecurity is breach, but that is not the only type of cyber threat businesses face. Below are some of the most common cyber threats business owners may encounter.

  • Data breach. Data breaches, such as the one Equifax is dealing with, happen after a security measure fails. Hackers access private data such as credit card numbers or social security numbers and use them without permission. Businesses that lose their customers’ data face high penalties, investigations, and more.
  • Hackers use this type of attack to target smaller businesses. They install malware onto a company’s devices and demand payment to remove it.
  • Third party data. This scenario applies whether your business handles a third party’s information or if your business engages a vendor to handle sensitive data. For example, if your business hires another company to safeguard sensitive data, cyber policies will still payout if hackers compromise the company.

The best way for businesses to protect themselves from cyber risks is to discuss their insurance options with an expert. The Reilly Company can help businesses assess and mitigate cyber risks as well as secure the best coverage pricing for policies. No business is impervious to cyber attacks; to learn more about protecting your company from cyber threats, contact us today.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr

Three Types of Insurance Business Owners May Not Know They Need

Starting a new business is an exciting prospect, but it also requires a lot of hard work. Entrepreneurs have to focus on several elements all at once such as their products, their customers, their insurance, and their bottom line. However, failing to invest in the right kind of business insurance can lead to financial ruin. While most entrepreneurs are familiar with the major forms of business insurance (i.e. general liability, property, etc.), not all businesses conform to traditional coverage needs. Below are examples of three types of business insurance coverage small business owners may not realize is vital to their continued success.

Home Business Insurance

Many individuals operating their business out of their home may assume their homeowner’s insurance covers them in the event of theft or damage related to their home business. Unfortunately, this is not the case. Some homeowner’s policies allow add-on coverage to protect some elements of a home business, but the best solution is to invest in home business insurance coverage. This type of policy covers liability, theft, loss of business equipment, and more.

Business Life Insurance

Many businesses cannot withstand the loss of their leader. This is especially true for small businesses since one individual may perform several major jobs. For example, the COO may also be the primary hiring administrator as well as head of marketing. A company would find it difficult to replace such an individual. Moreover, the time spent finding and training new employees to fill those jobs puts a financial strain on the company. If such an individual were to die without warning, the business itself could collapse. In the event of such an unfortunate incident, business life insurance helps companies stay afloat while they replace the individual.

Cyber Insurance

Almost every company does some business via the internet. While having a presence on the web is often good for business, it also represents a liability. If a business collects credit card information or personal data about its customers, it needs cyber liability insurance. Cyber liability insurance also provides coverage in the event of cyber attacks designed to disable internal networks. On average, cyber attacks cost small businesses $9000 per incident. As a result, companies who fail to invest in cyber insurance can experience financial instability or even bankruptcy.

Neglecting to invest in insurance specific to your business is an unnecessary risk. The Reilly Company can help your business identify risks unique to your industry and suggest preemptive methods to protect against them. Contact us to learn more.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditShare on Tumblr