With an increase of cyber-attacks on midsize businesses, it’s becoming more difficult to stay protected from digital threats. According to the Securities and Exchange Commission, “midsize businesses are not just targets of cybercrime, they are its principal target.” Cyber insurance provides protection from online threats like hackers, malware (e.g., viruses and ransomware), data loss and other digital risks. However, finding the right insurance plan to fit a company’s distinctive business practices can be a challenge for many business owners.
Certain plans designed to protect large businesses are cost-prohibitive for middle market companies, while plans for small businesses do not offer enough coverage. According to Statista, “companies not protected by cyber insurance cited a lack of insurance fitting their needs on the market, as well as low policy limits or too high costs, as the reason for their lack of protection.”
A company’s unique business operations and characteristics create distinguishing risks, so a one-size-fits-all cyber insurance plan isn’t the best route. Navigating different cyber insurance plans can be vexing, but there are certain criteria insurance providers and plans should meet:
- Satisfactory provider rating (A-rated, national provider)
- Annual coverage reviews
- First and third party coverage
- Coverage for fines/penalties
Cyber insurance protection is broken down into two parts: first party insurance and third party insurance. A comprehensive plan will offer coverage in both areas.
First party insurance covers the costs of a digital attack or breach, like hacking. When private company data (like customer or employee information, for example) is stolen or lost, certain expenses arise to retrieve the data and maintain normal business function. First party insurance provides coverage for the following customer and business expenses:
- Expense to notify customers of breach
- Credit monitoring services for customers
- Data replacement
- Business income loss
- Crisis management (public relations expense)
- Extortion threats
Third party insurance covers suits by a customer, employee or governmental entity when sensitive data is lost as a result of a data breach. Third party insurance provides coverage for the following areas:
- Restitution for lost data
- Legal defense
- Regulatory fines
- Website publishing liability
In the case of a retail business, for example, a customer’s file might contain his/her credit card information, and an employee’s file could include his/her Social Security number. If this kind of information is lost, stolen or abused, a cyber insurance plan can provide protection for the customers, the employees and the company.
In addition to digital threats like malware and hacking, cyber insurance protects against some physical threats as well. Office spaces usually house sensitive data and files. Employees and cleaning or maintenance personnel can steal paper or digital files containing private information just as online hackers can. Also, if a company laptop that is not encrypted is lost or stolen, it contains information that, in the wrong hands, can create risks for a company.
Differing business practices warrant distinct kinds of cyber protection, so a comprehensive cyber insurance plan that suits a company’s unique needs offers maximum security.
Stay tuned for Part 3, where we will go over the road to recovery in the case that your mid-sized business was hacked.
Steven Sharkey is a co-founder of The Beacon Group of Companies and managing partner of Beacon’s property and casualty division.