In a recent survey from Deloitte University Press, 64.9% of participants said news of cyber-related losses experienced by others was the biggest driver of cyber liability insurance sales. But why does it take another company losing millions of dollars for small and mid-size businesses to take note of their own exposures?
As an AmTrust agent, your experience and expertise are invaluable to your clients. Every time you offer advice on limiting exposure, you have a direct hand in data breach prevention. Here are 3 tips for identifying the potential for cyber exposure in 2018:
The total breach cost for claims submitted from 2014 to 2017 was $202M, according to a recent study from NetDiligence®. Much of this cost can be attributed to five common (and preventable) cyber risk exposures.
As of April 2016, 47 U.S. states, as well as the District of Columbia, Guam, Puerto Rico, and the Virgin Islands, have enacted legislation concerning the notification of individuals who have had their personally identifiable information (PII) compromised due to a security breach. Notifying the proper authorities when a data or privacy breach occurs can be costly but necessary for avoiding litigation. In fact, according to the 2017 Cyber Claims Study, the maximum notification costs increased 176% from 2016 to 2017, up to $5.53M, and the average notification cost increased by 39%.
Consequences of Noncompliance
Being compliant is a critical component of any cyber security program. It is important to remember that a good cyber security program should make an organization compliant, but being compliant does not mean you are secure. Unfortunately, the hard costs to respond to and recover from a data breach often cause businesses to close their doors. AmTrust agents can help prevent this by helping their clients to understand the effects of noncompliance before it occurs. As an example, the Gaming & Casino sector, which is highly regulated, incurred the highest forensics costs in 2017, averaging $345K, as well as the highest median breach cost of $190K.
Physical Data Security
Every client has data that needs to be protected, whether that’s employee data like social security and account numbers, confidential and proprietary corporate business information (e.g. potential patents), or customer data like financials and personal information. This data, whether stored physically or digitally, should be secure at all times. Physical security is another information security exposure that can compromise your client’s data.
Increased Legislation Related to Cyber Exposures
Depending on your clients’ industries, they could be regulated more heavily than ever before. For example, the New York State Department of Financial Services (DFS) has enacted legislation to protect customer information held by banks, insurance companies, and other financial services institutions regulated by the DFS. Entities that are subject to the legislation must have a written policy approved by a senior officer or the board, as well as a Chief Information Security Officer. We anticipate that other states will enact similar statutes. Not following the local data and information security statutes could have disastrous effects for your clients. The General Data Protection Regulation (GDPR) was enacted by the European Union (EU) in May 2018. This comprehensive data privacy law impacts EU organizations and protects the privacy of EU citizens. In 2020, California is rolling out the California Consumer Privacy Act, the first major data privacy legislation in the U.S. based on the GDPR.
Loss of Reputation and Customers
A data breach is one of the biggest exposures that a business faces since it affects the profitability of the business. In particular, a publicized data breach can result in a loss of customers and leave the business mitigating the damage to its reputation. Further, the loss of customers can increase the cost of a data breach. Industries with the highest churn are health, pharmaceuticals, and financial services. Many companies do not have a plan in place to address a data breach.
One of the best ways for your clients to guard against cyber exposure is to make sure no cyber exposure is left undefended. To do that, we recommend regularly completing a Cyber Security Risk Assessment. During this analysis of the client’s cyber risks, consider the following:
All employees should be trained on the importance and methods of data security. Both physical and digital records should be safeguarded at all times, and confidential information about clients, employees, or corporate affairs should always remain secured.
Old data should be properly archived or deleted based on local and federal laws and company policies. A data breach can result in malpractice and could lead to litigation.
All data, whether on a personal device, computer, or server, should be protected by proper encryption. Companies in many states can benefit from safe harbor exemptions that only apply if the company can prove the data was encrypted before a breach.
Data Prevention Preparation
While having a good procedure in place is a great way to prepare for a cyber security breach, an untested procedure could have many flaws. Practicing the breach plan offers the opportunity to uncover and plug any holes in the plan before there’s an actual data breach.
Preventing a breach and preparing for the inevitable are two good ways to help protect a company against cyber exposure, but notification costs, noncompliance charges, and local statute violations can be a substantial addition to the bottom line.
Cyber liability insurance for small businesses provides a variety of services to address the modern-day risks and threats of business identity theft and data breaches. For more information about cyber liability coverage, contact AmTrust Financial Services.