It is easy to say ‘everyone needs it’ from a marketing standpoint, but this is one of those coverage types where that statement is true. It is 2012. Business is done electronically. Data is stored (or at least routed/transferred) in almost every type of transaction. Third party payment processors are utilized. Medical providers are switching to electronic records. People run companies from smartphones and laptops and tablets. Certainly some companies have MORE exposure that others, but one simple data breach (not necessarily a hack where data is stolen, but a simple breach) can bankrupt a small company because of the state-by-state notification laws. The expenses from this alone can be astronomical.
EVERY company should have a cyber liability insurance policy as part of their business plan. A good coverage will address not only the cost of notification expenses, but PR campaigns to help the company in the face of a crisis event, many types of breaches.
The one thing we often see with this coverage is small companies with an ‘it won’t happen to me’ mentality. This is the most dangerous attitude a small business owner can have. To give you some perspective, let’s look at Sony. We are all familiar with the Sony PlayStation network interruption that took place about a year ago. Sony is a global technology company that spends billions annually on protecting itself from digital danger, and they still suffered one of the largest data intrusions in history. If someone can do this to Sony, a corporate giant that has an inordinate amount of security resource available, what COULD they do to a small business?
Here’s an even scarier situation. Most people envision data breaches being perpetrated by an evil computer hacker but what about the people around you? Here is an example: a business owner calls the exterminator because he saw a nasty cockroach in the kitchen. The exterminator shows up on Tuesday as scheduled but, little does the business owner know, in his van is a small device (that can be purchased at RadioShack) to hack into the company’s network. He comes to the lobby, identifies himself as the exterminator, and does his job. Now he has FULL access to the facility. Someone with technical knowledge can be hack into a company’s network in a matter of minutes and the owner just let him in! He wasn’t the big bad computer guy. He was the smiling hero; there to rid the kitchen of infestation but, boom, the company just got hacked.
Now, that scenario is rare but it happens and many times, even though a network is hacked, there may not be any actual criminal activity that comes from it. Unfortunately, though, it can happen and your client can be held responsible. Each state has their own notification laws that can require varying degrees of action. On average, it is estimated that a single data breach can cost a company as much as $250 per PII (personally identifiable information). The point is that cyber liability exposure is everywhere, but it isn’t always the Hollywood villain that is sitting in a dark basement with 20 computers that companies need to be worried about. Just ask your clients to examine their exposure… how ‘secure’ are their buildings? Just ask the exterminator; he probably can answer better than anyone else… scared?