News// April 2016

Cyber Insurance Coverage - Do I need it?

Unless you've spent the last year at the International Space Station, you've been hearing and reading about an onslaught of cyber attacks on business of all kinds. Most people paying attention to this phenomena have accepted that it's not a question of "if" they will be attacked, but rather, "when will it happen?"

This recognition should lead a reasonable person or business to ask, "what should we be doing to protect against an attack?" Well, certainly one option to consider is cyber insurance coverage. Although coverage varies from company to company, cyber insurance can pay for many of the high costs of a breach, such as data recovery, customer notification expenses and third party liability claims or lawsuits.

But many people choose to bypass the extra expense of cyber coverage under the mistaken belief that their existing business insurance policy covers them for the loss of data and related damages. This decision could be penny wise and pound foolish. Most of the expenses resulting from a hack won't be covered by a traditional business insurance policy, which only covers the loss of physical tangible property, as opposed to data loss.

Still, others naively think that since they're just a small business, they're not the target, and thus don't need coverage. But, those people fail to consider that doing business with larger companies makes them a target. Hackers use smaller companies with less security as the gateway to exploiting larger businesses. Several infamous hacks, Home Depot and Medstar to name a few, were traced to third party vendors which the hackers used to gain access to larger companies.

Businesses of all sizes need to take cyber security seriously, and the days of turning security over to an IT professional and forgetting about it are long behind us. A security plan is only as strong as its weakest link. Insuring against a hack is one step every business should consider, but a cyber insurance policy should be part of a larger plan to protect against and for a cyber attack.