Though Many Tech Firms Experience Cyber-Attacks, Few Have Cyber Liability Coverage
A majority of technology companies have experienced data breaches and other cyber incidents, yet only one in 10 has cyber liability insurance, The Stratton Agency announced today.
“Ironically, technology companies are among the companies most vulnerable to cyber-attacks,” according to James Marek of the Stratton Agency. “Even when tech companies are well protected, hackers can often find a way in. LinkedIn, Yahoo!, DropBox and eHarmony are just a few of the companies hit by attacks that exposed private information from millions of user accounts.”
Cyber-attacks are increasingly common, with 46 percent of all companies experiencing a data breach each year. Cyber incidents may also include contamination from viruses or malware, theft of laptops or mobile devices, denial of service attacks, insider abuse and negligence.
While larger companies make the news, small companies are especially vulnerable, he added, because it’s assumed that it is easier to breach their security systems.
Analysts estimate that damages from the average data breach exceed $5 million, but costs can run much higher. The U.S. government recently indicted a group of hackers who netted hundreds of millions of dollars by hacking personal information from several companies.
Even the best security systems can be hacked, so companies need cyber liability insurance in addition to tight security to protect themselves from losses that can reach catastrophic levels, according to Marek.
For comprehensive cyber liability coverage, tech companies need to add cyber liability coverage to both their general liability (GL) and their errors & omissions (E&O) policies.
With cyber liability coverage added, a GL policy should cover:
- Data breach services, including consulting, fraud alert, and identity restoration.
- Data breach expenses, including cost of notification, forensic analysis and proactive monitoring services.
- Legal services, public relations, data breach ransom and more.
Cyber liability coverage on an E&O policy should include protection for:
- Transmission of a computer virus.
- Failure to protect a third party’s data or information, including unauthorized access, use or theft.
- Inability of an authorized party to gain access to products and services.
- Coverage for media and content infringement, including software and computer code.
- Security breach event notification and management expenses.
Cyber liability coverage varies significantly among carriers. Premiums vary greatly, based on factors such as company size and the level of risk, but the cost for a small company can be as low as a few thousand dollars.
Companies can reduce their premiums by adopting strong security measures, according to Marek. A logical place to begin is with strong password protection. Passwords should be encrypted and should change regularly.
Companies should also conduct regularly scheduled risk audits to identify areas of vulnerability. Firewalls, anti-virus and anti-malware software, and virtual private networks should be used and updated frequently. Hackers will look for the weakest link, so make certain that all electronic devices, including mobile devices, are secure.
A written IT security policy should define individual responsibilities, and a plan should be in place for reacting if and when a cyber-attack takes place. The policy should cover all aspects of IT, including social media. Security policies should be strictly enforced and all employees should be trained to understand them.
Source: The Stratton Agency
- Verisk: A Shift to More EVs on The Road Could Have Far-Reaching Impacts
- Changing the Focus of Claims, Data When Talking About Nuclear Verdicts
- T-Mobile’s Network Breached as Part of Chinese Hacking Operation
- Swiss Re: Mitigating Flood Risk 10x More Cost Effective Than Rebuilding