CYBER DATA BREACH
We live in an era of big data. Many everyday activities are wrapped in it— visiting the doctor, paying bills, or getting an insurance quote. This data is immensely valuable to a number of people, as it can be used to access accounts and take money, steal corporate secrets, or get sensitive information that can be held hostage. One out of four companies are likely to be breached in 2018. More than that will be attacked. Any secure system can be breached—in fact, 90% of small businesses are affected by a data breach each year. Every company that touches sensitive data is at risk for these breaches. This is evident in the big security breaches from huge companies and even national intelligence agencies. Even with excellent and expensive cyber security, people in an organization can be bribed, tricked,or scammed. With the huge increases in big data availability, software issues, wireless connections, the cloud, and potential ins from the any networked physical divide, a small business has a big risk of suffering a data breach. If your company provides a software or other data handling service and you suffer a breach, you are responsible for even greater costs.
Hackers steal millions of valuable identities, passwords, credentials, medical records, bank accounts, social security numbers, trade secrets, and more from both tech firms and also everyday businesses that have employee records, client records, engage in online commerce, and more. We exist for these inevitable troubles. Every year more data is accrued by companies with the potential of doing incredible amounts of damage. Here at RF Insurance we offer comprehensive cyber insurance policies that go beyond what is often offered as endorsements to a Commercial General Liability policy while offering a huge discount.
If your house had a one-in-four chance of catching fire every year, a smart person would get home insurance before they even had a home. Every business needs some form of cyber insurance.
Cyber insurance is the insurance you need to protect the value of your digital assets. It’s important to note that even if you have standard business liability insurance, you are not covered in the areas of cyber insurance. Cyber insurance applies to both first- and third-party businesses keeping data, or selling software to clients. Cyber insurance covers privacy issues, Internet- or network-related intellectual property rights, and many of the collateral costs of a successful breach.
TYPE OF CYBER ATTACKS
Though outside security is important to prevent external breaches, the biggest threat to most networks and databases is the company’s employees. This doesn’t mean that you need to start a witch hunt, but limiting access to sensitive data and taking good care of your employees can reduce the amount of malicious data breaches where employees seek to sell or steal company or client information and secrets. Many companies also lack real-time IT denial to fired employees, causing undue risk if the employee is taking the end of employment poorly. Further issues may occur if the user hasn’t been following proper password safeguarding or creation, has been tricked, or is, most commonly, just negligent.
Cyber intrusion into a network can occur in a number of ways, including brute force hacking, malware (viruses, worms, and other forms of malicious code), and other cyber system or network intrusions. With the advent of the digital age still only a few decades in the past, most people do not understand the complexity and ways that software and other systems work. Hackers with extensive knowledge about the workings of networks, software, encryption systems, and other aspects of the cyber world can wreak havoc when they gain access or even partial control of an account. Most malicious hacking attempts target user information to commit credit card fraud. Additional issues can include cyber extortion by threatening online business disruption, data destruction, information ransoming or theft, and more.
When people think of physical breaches of a network they oftentimes imagine high-risk situations where a clandestine operative secretly enters a company premises and manually hacks a network. Although this is possible, in reality, it’s often as simple as a hacker leaving a flash drive somewhere an employee might pick it up and later use on a company computer. Once opened, snippets of code can enter the system and start making changes to data or programs, or it can reach out and contact other computers to allow a person access to the network or database.
One of the more overlooked methods of hacking for cyber security is the use of phones and other parts ot the Internet of Things (IoT) made of anything that can share data and network for work purposes. Most critical is the use of modern phones. It is impossible to know what apps or malicious programs might exist on their phones without their knowledge. Employees using personal phones almost inevitably do some sort of work on them and, in the process, open your networks and data up to attacks.
Social hacking, also known as “phishing”, is one of the more insidious, and hard to defend against forms of hacking. Social hacking comes in many different forms. In almost all of them computers are used only to mine the Internet for personal information about you, an employee, or your business. Using this information, hackers will develop a game plan to convince people into giving up enough information about you or your company to breach your security without any red flags. In one instance in 2015, two teenagers got access to the CIA director’s email and personal information by first getting his phone number, finding his provider, then pretending to be Verizon employees helping a client, and getting access to their file on the director. This allowed them enough information to convince AOL to grant access to his email without a password. They stole key information, including copies of his security clearance application, which contained enough data to open further breaches had they not been caught.
WHAT DOES CYBER / DATA BREACH INSURANCE COVER?
Cyber liability insurance is not a blanket, agreed-upon term. Among the hundreds of firms that offer cyber insurance, they all differ drastically in wording of policy and in coverage areas. In general, cyber insurance covers the consumers and producers of technology services or products. However, the lines of cyber security often blur with general liability insurance.
These areas of cyber insurance are further broken down into two different coverage types: third-party coverage and first-party coverage.
First-Party Coverage applies to costs directly involved in responding to issues that occur on your business’ end. That can include breaches of security, rogue employees, successful hacking, theft or destruction of data, business interruption, and more.
Third-Party Coverage applies to costs accrued from third-party attempts to sue you, file claims against you, or when regulators demand information from you.
Cyber liability insurance and general liability insurance are similar and overlap in terms of E&O coverage—which is very important for SaaS and IT services. Errors and omissions—also known as E&O—coverage is not traditionally cyber insurance, but overlaps with cyber insurance coverage for many IT firms and SaaS companies. Like any high impact profession like a doctor of lawyer, you are obligated to be good at what you say you will do. If your IT or SaaS services are a key element to damages a client suffers, your SaaS or IT firm can be held liable. No one wants to make an error, but even in the most thoroughly vetted documents and software, costly errors can occur. As recently as 2015, one of Apple’s iOS updates opened their phone line to unprecedented security breaches. E&O cyber insurance covers these bases and is key for SaaS companies and tech start ups, small and large. IT professionals, consultants, and even app developers need E&O coverage.
Overlapping into general liability insurance, this pays for damages and claims from faults in advice or product that causes damages to a client’s business. This is critical for IT firms and SaaS businesses.
This pays for damages and claims from “Privacy Wrongful Acts” harming any 3rd party or employees. “Privacy Wrongful Acts” (Any privacy breach by “you” for which you are legally responsible. Including independent contractors.)
Security breach response coverage is critical for IT firms, SaaS businesses, and manufacturing, or anyone dealing with intellectual property. This reimburses costs from crisis management costs (cost to employ public relations consultant), breach response costs (breach response professionals, cost to notify, legal expense, and credit monitoring— if obligated or voluntarily incurred).
Trigger: Security Breach (accidental disclosure of personal information by you or on your behalf. Theft of data, unauthorized access, or use of personal information stored on your computers.)
Security liability coverage is a critical part of E&O coverage, for breaches of the Security Wrongful Act regarding improper conduct of computer systems, security, and protection of information. This includes the inability of your 3rd party to gain access to agreed upon services, failure to prevent unauthorized use, or failure to prevent transmission of malicious code
Trigger: Security Wrongful Act
Media Liability Insurance covers third-party actions such as libel, slander, and intellectual property, copyright, and trademark infringement for the company and its products. Though usually a part of general liability insurance, this coverage area has shifted over to the area of cyber insurance in recent years due to growing online presence of companies. General liability insurance DOES NOT cover the online presence of companies.
Trigger: Multimedia Wrongful Act (acts committed by you or on your behalf via the Internet that cause damages).
Groups may threaten business or gain and hold sensitive data hostage from companies such as trade secrets, private information, intellectual property, and more.
Trigger: Cyber Extortion Threat (requires credible threat from others)
When cyber security is breached, loss of data, stalled business, and damages to reputation add up. Common amounts measure in the hundreds of thousands or millions of dollars.
When digital assets are damaged in the event of network disruption, or unauthorized access, digital asset restoration coverage pays for restoration costs.
A bank or financial institution sends audits to ensure that your business is handling any card-holder’s information in a manner that meets the Payment Card Industry Data Security Standard (PCI DSS). This is common especially after data breaches. When your business is not in compliance, you can be subject to legal ramifications. PCI DSS assessment coverage covers damages and claims resulting from a PCI DSS Assessment.
HOW MUCH IS CYBER/DATA BREACH INSURANCE
This is a great question. There isn’t an exact right way to calculate the proper coverage amount. Cyber insurance for a hotel is not the same as cyber insurance for an tech startup or a cutting-edge manufacturing client. In general, we calculate based off of $200 per compromisable record and focus on making all of our cyber insurance as affordable and effective as possible.
We start a policy with under a million dollars in liability for small businesses like e-commerce and restaurants or hotels. Most breaches for a small businesses run around $100k in losses, so we aim for policies that cover up to $1M or lower.
For larger companies, or where a business deals with a lot of data like IT, SaaS, or other tech and research and development firms, we often look at policies that cover between $2M to $5M in liability.
THE RF CYBER / DATA BREACH INSURANCE DIFFERENCE
Our cyber insurance is famous for striking the elusive balance between effective coverage and affordable rates. For instance, our rates are often 50-70% less than what is offered in the market. We know that saving money is important as you grow your business. We have gone through the market information and run the numbers to make sure that we offer the most competitive rates possible. All our clients have concierge agents on call to answer your cyber insurance questions and walk you through this complicated field. We understand the importance of your company’s future and safety. You likely have questions, and we have answer. Contact us to speak with one of our agents or to start a quote.