In today’s commerce landscape, any business that uses technology and stores customer information has to be on heightened alert for risks related to the possibility of a cyber/data breach. Businesses that provide technology to other businesses or have access to another business’ data must be extra diligent because their exposure extends past their client to all their clients’ customers. Data breaches are frequently in the news, and legislation designed to protect consumers puts a tremendous burden on companies to make sure their infrastructures and products are secure.
The Real Risk
In a world where all our devices are interconnected, it is not only conceivable, but likely, that a miscreant who gains access to one device, could quickly access your whole virtual world – bank accounts, online memberships, employee records and actual control of the devices you rely on every day. Even if you utilize a 3rd party to provide and administer all or part of your company’s technology services, ultimately your client can sue you if a breach of private information occurs. And, it will be incumbent upon you to provide a defense that could cost tens of thousands of dollars not to mention potential damages. Even if the vendor provides you with a ‘Hold Harmless Agreement’ with defense cost, the validity of such a contract is often adjudicated in court, which will cost you money up front while you sue their insurance company.
Your Protection
Your first line of defense is maintaining adequate internal controls to prevent occurrences. Prevention is your best protection. Your security plan should draw from Executive Management, IT, Operations and Finance. Simply throwing the task to IT could leave holes in your security protocols unless you involve all departments in your organization. If you are a small business owner and wear many hats, you have to change hats and look at your security measures from the various perspectives.
Your second line of defense should be a crisis management plan to contain and prevent further damage when a security breach occurs. The publicity surrounding a cyber breach can create serious and sometimes irreparable reputational damage. If you wait for an event to happen before you think about how you’ll handle it, a situation could escalate beyond your control while you’re trying to figure out a plan of action. In the case of a breach, immediate response is the key to a successful outcome, so having a plan in place is of paramount importance.
Your last line of defense is funding your catastrophe with a thoughtfully constructed Cyber Liability Insurance program. One that helps maintain your businesses viability. Once the cat’s out of the bag, it largely becomes a matter of money. The expenses associated with a cyber breach can be astounding. According to a Ponemon Institute study, it can cost $195 for every customer’s data record that is compromised plus the cost of hiring consultants and possibly mounting a defense, which could cost $50,000 or more.
Risk Considerations
The following are four main areas that your business needs to address to assure a comprehensive security plan is in place:
- Technology Errors & Omissions– making sure that your product or service does not have embedded flaws which could lead to a security breach for a client
- Network & Information Security – preserving and protecting customer and corporate data from an internet breach, lost/stolen devices (laptops, smart phones, etc.) and internal hard copy files. You have to protect against outside hackers, but you also have to address the threat from rogue employees.
- Website Liability – assuring your website is secure so hackers cannot access sensitive information and cannot inject harmful or malicious code that could be disseminated from your website.
- Advertising & Media – protecting your business against claims of detrimental reliance from customers who claim that your product or service did not live up to its promotional material.
Take action
When a serious data breach occurs, you have the equivalent of a five-alarm fire in your house. You’ll need additional support to help your business put out the fire and rebuild. To ensure that your security plan will sustain your business, you can’t afford to ignore the importance of having cyber liability protection, which isn’t covered by most basic liability policies. Choosing to ignore the risk is not a good plan. The threat to your business is real and increasing every day as we become more interconnected and reliant on technology. Talk with an insurance professional to learn more about Cyber Liability Protection and discuss your options.
Related Articles:
Cyber Liability...a growing concern for businesses
Protect your business from privcacy and cyber threats
Privacy breach and data security...an issue for every business