Do you use technology to do business? Do you have employees with devices that can connect to your wi-fi network? Is it 2019?
If you answered “yes” to any of the above questions, you’re an organization that faces cyber risk. As technology becomes more complex and sophisticated, so do the threats we face – which is why your organization or small business should be prepared with cyber liability insurance and a cyber security plan.
While firewalls, security gateways, anti-virus tools and spam quarantines help to filter out malicious content, your employees are really the first line of defense against a cyber-attack. Employees are vulnerable to malware through their use of company email, social media, web-browsing and other network software. Having a best practices plan can help your organization be prepared for a cyber attack and allow you to quickly recover after an attack. Both business owners and employees should know what to do to secure their systems and mitigate financial and reputational damage if they are breached.
According to Michael Osterman of Osterman Research, Inc.,1 there is more than a 1 in 4 chance that a user will mistakenly click on a phishing email and infect a corporate network. Osterman Research conducted a study of organizations that had been victims of cyber breaches from March 2017 – March 2018 and found:
- 25% had sensitive/confidential information accidentally leaked through email
- 22.1% had files encrypted because of a successful ransomware attack
- 19.2% had one or more systems successfully infiltrated through a “drive-by” malware attack from employee web surfing
- 17.3% had a CEO fraud email attack that successfully tricked one or more employees in the organization
- 5.8% were victims of sensitive/confidential information accidentally or maliciously leaked through a social media or cloud application
What does this mean for your business?
Both large and small businesses alike are susceptible to cyber-attacks. In fact, 1 in 3 documented data breaches occur in businesses with fewer than 100 employees.2 What’s even more disturbing, 60% of small businesses close their doors within 6 months following a cyber-attack.3 Business owners need to consider cyber attacks just as they would any other risk – fire, theft, or severe weather – and plan for them as part of their business continuity strategy. Talk to your agent/risk advisor about having a cyber liability plan in place so that if a cyber event strikes, you’re proactively ready to stop it. Traveler’s Insurance urges customers to consider the S.A.F.E acronym to effectively break down their plan into 4 steps.4
S: Set the Strategy – a post cyber event plan should consider a number of issues, including:
- Notifying customers
- Assessing the scope of the breach
- Handling legal policies and procedures to report the event
- Contacting your risk advisor and insurance carrier
- Managing communications
There should also be a clear protocol in place to identify who will be managing each component of the plan and what information he/she needs to provide in the event of a breach.
A: Assess the Breach – it is important to quickly ascertain how widespread the breach was and if systems are secure. Data should be analyzed to determine whether confidential or personal information was compromised.
F: Fix the Problem – businesses should identify and use external resources to assist in managing a cyber event. An attorney or “breach coach” experienced in security and privacy compliance issues can assist with this. In addition, this person can assist with documenting expenses, such as time spent recovering and estimates for overall cost of remediation. These details are necessary to help re-secure a company’s data network, refine the communications plan and serve as evidence if the breach results in a legal battle. Your risk advisor should be able to connect your business with an experienced “breach coach”.
E: Examine Your Systems – once a company determines how, when and where the cyber breach occurred, the IT staff should check to ensure that the data is secured with the necessary patches or fixes. Systems should be tested and re-tested to help identify gaps and confirm all sensitive data is secure.
Even a “small” data breach can cost a company upwards of $40,000. A good cyber security policy can cover the costs associated with the liability or a claim or suit related to a data breach. The right coverage for your business or organization depends on your level of risk, so contact your risk advisor today for a cyber security analysis to make sure you have the proper coverage.
2 Verizon 2015 Data Breach Investigations Report
3 2013 U.S. House Small Business Subcommittee on Health and Technology report