Cyber Insurance – Is it worth it?
Many businesses think their business is too small to attract cyber criminals. Yet, when it comes to cyber theft, size doesn’t matter. Hackers are on the lookout for businesses of any size with valuable customer data they can steal and sell on the black market. Businesses are increasingly vulnerable to cyber-attacks.
Consider some of the most high profile cyber attacks in recent times that targeted major brands. In the case of eBay, hackers managed to steal personal records of 233 million users. The hack saw usernames, passwords, phone numbers and physical addresses compromised. Fortunately financial information was stored separately and not stolen but this still left eBay users vulnerable to identity theft and brought risk to eBay’s reputation.
Big businesses are obvious targets of hackers and cyber criminals, right? After all they have big pockets to pay ransom demands. But in fact small business is just as vulnerable to cyber crime, with over 108 cyber attacks in New Zealand during 2016. In New Zealand, there is no law requiring that breaches be declared so the numbers might be bigger.
So why are hackers interested in small business? To start small business websites are often used as “watering holes” or loopholes to break down the security of other businesses. (i.e. get into the systems of other businesses). They are also an easy target for sophisticated hackers as they often don’t have the security systems in place to prevent an attack, making them a target for their customer data, intellectual property and bank account information.
Take for example the small recruitment firm which, over a three year period experienced three separate instances where their systems were breached. Bank account and drivers license details of 500 on-hired contractors were stolen.
Or the Accounting firm, which had their server and client records locked by ransom ware and hackers demanded $50,000. In New Zealand, ransom ware demands costs small businesses millions of dollars per year.
But cyber risk is not just about hackers. It also covers staff who accidentally make public confidential information, insider theft as well as theft or loss of a device. Like the Australian case of the sports drug testing consultant who left his laptop at a sports ground. He was able to claim $70,000 for Business Interruption, notification costs and as defence costs for the breach of privacy.
This is why cyber insurance should be an important part of your risk management plan, as it provides protection against the expense and legal costs associated with data breaches. Having cyber can help mitigate a number of ways a business can be impacted financially:
- Brand reputation– this is likely to be one of your most import assets, so you will need to protect and potentially repair any damage.
- Interruption to business– this could include temporary downtime while the issue is investigated, lost income due to system downtime and potential loss of sales.
Having a Cyber Insurance policy can provide you cover for the following costs:
- Compensation claims
- Credit Monitoring
- Cyber Extortion
- Data Restoration
- System Repair
- Public Relations
- Business Interruption
Cyber insurance is available for first-and third-party losses, which in plain language means that if your business has customer or vendor relationships and processes customer-sensitive (non public) information, you need it.
Isn’t my other insurance cover enough?
Take time to review your current policies—especially the exclusions—and you’ll likely find that your other business cover won’t respond to a cyber or data breach claim. And the last thing you want to do is handle a cyber attack or data breach alone. Cyber insurance will also provide coverage for regulatory defence, penalties and fines.
Is cover pricey?
Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile. A policy with $100,000 cover could cost as little as $600 per annum.
Whilst the ability to market your business online is getting easier (and less expensive), the threat of a cyber incident means all businesses need a security plan to protect their business and they should consider a Cyber Insurance policy as an essential part of this plan.
This is general advice only.