Sensitive customer data stored within company servers, in the cloud, and even stand alone computers and laptops is vulnerable to attacks from hackers, other cyber criminals and, all too often, careless or crafty employees. Most people think only large corporations are in danger of cybercrime incidents. But any business that uses a computer, especially when connected to the Internet, is at risk.
You might ask; “At risk for what?” My business is small. It certainly isn’t the government or as big as popular store chains that have been in the news with millions of customer records breached. Unfortunately, cyber attacks and data breaches are hitting businesses of any size and, when they occur, they can be extremely expensive to remedy. As of June 2017, forty-eight states plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation that requires private or government entities to notify individuals of security breaches involving personally identifiable information. The exceptions are Alabama and South Dakota1.
This means, if your database includes things like a name with a SSN, driver license or state ID, account numbers, medical records, or other personal information and you were to incur an unauthorized acquisition of your data, you could be required by law to go through various very expensive steps of crisis management. This theft of your data can occur from someone hacking into your system, an employee’s accidental transmission of data, or even from a lost or stolen laptop, tablet or computer device.
There are different types of breaches aside from an unauthorized acquistion of data that can very costly to your business. Have you ever heard of “Social Engineering”, or “Cyber Extortion”. They sound crazy, but these things are really happening. Cyber extortion can occur in various ways, but often happens by visiting a web site or opening an unknown email attachment that contains a form or ransomware that renders your computer inoperable until a demand for money or even bit coins has been met. To show how far-reaching this can be, a client of our office (a manufacturing firm) had a CNC machine attacked which shut the machine down during a demand for a substantial sum of money.
A Cyber Liability insurance policy can help address the costs that result from a breach of data – the actual costs to you as well as the costs required by law to notify all affected people. There are many forms of Cyber Liability Insurance ranging from simple Security Breach Response coverage offered by some insurance companies as an option on an existing commercial package to full-blown Cyber Liability policies that provide coverage for a myriad of cyber exposures, as well as addressing the legal and forensic assistance that is often a part of recovering from a Cyber attack.
CLICK here or call us at 800-220-5582 for additional information on Cyber Liability Insurance.
1 National Conference of State Legislatures – Security Breach Notification Laws