Cyber security has become a growing concern for American companies over the years, and for good reason. Data breaches have not only become increasingly common, but are also very large. Nothing illustrates the security situation of the modern web as well as the most recent breach, which targeted the IRS and took advantage of faulty security to let hackers compromise 100,000 taxpayer records.
Similar breaches have also affected very small companies, and it is common to see forward-thinking companies turn to an insurance company. Here you need to determine, first, whether you really need cyber insurance and, second, what you should look for in a policy.
Are you at risk?
If you work with any type of customer information, the answer is yes. The term to look for here is Personally Identifiable Information, or PII. It is not a technical term, but rather a legal term that carries some teeth if you have to deal with it.
At its root, PII is any piece of collected information that could potentially allow a third party to identify the individual customers of the business. Given how little information it takes to track a person on the internet, this definition is horrifically broad. Full names, email addresses, site aliases and (sometimes) even web cookies can all qualify as PII.
If you are storing anything that falls under the PII umbrella, you are at risk of a breach. For affected customers and for the company responsible for the loss, breaches are quite expensive. Companies in the healthcare and retail industries are clearly at increased risk, but when it comes down to it, any business that makes a habit of collecting information should ask its insurance company about cyber policies.
What does your cyber policy need?
You have to look for some things in any cyber insurance policy. As you might expect, a good policy should directly cover the financial losses caused by the breach. However, cyber attacks can cause a number of financial losses. In particular, make sure your company is protected against:
– Losses due to lost time and productivity. A major hack may bring the company to a standstill. Find an insurance company that guarantees coverage for lost revenue during this period.
– Third-party compensation. Some modern companies handle their data on their own. Outsourced IT support or other companies may themselves be victims of a breach that affects their customers.
– Loss of reputation. Breached companies, even those that have done their due diligence, almost always take a PR hit in the wake of an attack. A good policy provides some cushioning against the customer losses that usually ensue.
Finally, do your best to work with an insurance company that has an educational component. Some plans will also come with training on how to avoid breaches. As good as protection is, it is safe to say that it is best left unused. Setting up a set of best practices can help you avoid needing the safety net in the first place.