The holidays will be here in a flash, and for plenty of people, that means it’s time to rush to retailers to cram in some last minute shopping. But shoppers aren’t the only ones paying attention to sales right now.
The holiday season – when sales and credit card transactions are at their peak – attracts hackers looking to slip in and steal the financial data flooding businesses at this time of year. In fact, Bebe Stores was one of the first holiday hacks so far. You may remember that the Target data breach happened on December 19, 2013.
If you’re a small-business owner, it can be tempting to look at these big retail breaches and think, “That won’t happen to me.” But you are equally lucrative targets, as far as cyber crooks are concerned. On average, small businesses have less security measures to prevent a breach. With enough easy-to-hit targets, a cyber criminal need not waste time breaking through the sophisticated security systems of big-box competitors. For more on that, read “'No Business Too Small' to Be Hacked, Says Security Expert.”
Small businesses are also less likely to recover from a data breach than larger businesses because they have fewer resources and employees to handle the aftermath. But that doesn’t mean you’re without recourse. You simply need to take the plunge and finally invest in Cyber Liability Insurance – a necessity for small businesses operating in the digital age.
Cyber Liability Insurance for Small Businesses: What You Need to Know
If you’re thumbing through your Property Insurance or General Liability Insurance policy right now and waving its "digital property" coverage like burning sage against evil, data-breachy spirits, we’ve got some bad news. This kind of coverage usually does NOT include data breaches. (For an example of the havoc that confusion can cause, read the post, “P.F. Chang's Lawsuit Could Affect Your Cyber Liability Coverage.”) It may cover the equipment that houses data or modest payouts for the loss of certain digital documents.
But the risks were different back when those types of policies were written. In the current age of data breaches, a separate Cyber Liability Insurance is the only policy that covers data-breach expenses for client notification, credit-monitoring services, and cyber extortion.
As the market for Cyber Liability coverage grows, the policy is adapting to include more types of coverage. According to Advisen, some policies offer coverage for…
- Complying with state data breach laws. Did you know, according to most state laws, if your business suffers a data breach and your customers’ protected information is exposed, you are legally required to notify those affected? You can face fines if you don’t. (More on that in, “Small Business Faces $3,000 Fine for Data Breach.”) Depending on the size of the breach, you may have to provide credit-monitoring services for your customers, too. Good thing Cyber Liability Insurance can help pay for the credit-monitoring costs and fees for notifying all those people, which can easily exceed tens of thousands of dollars. Your provider may also give your business access to a dedicated call center so that customers can call in with their questions about the breach.
- Recovering devices. If a virus destroys your business's software or irreparably corrupts your computers, your policy may pay to restore or replace your equipment.
- Restoring your business’s image. A data breach can tarnish your business’s reputation and make customers nervous about trusting you with their sensitive information. That’s why Cyber Risk policies can usually pay for a public relations expert to help educate your clients about the breach and repair your credibility.
- Negotiating with cyber extortionists. If a hacker accesses your data and threatens to hit your business with a distributed denial of service (DDoS) attack if you don’t pay a ransom, your insurer may cover the associated expenses.
Also worth noting is that cyber criminals don’t have to steal figures and numbers from the cloud in order for the theft to be considered a data breach. Many Cyber Liability policies also cover breaches that involve paper records.
So say you run a healthcare business, and you have physical patient records that document names, addresses, Social Security numbers, and a host of other confidential information. A thief sneaks into your office one night and steals medical equipment and a hundreds of physical records. Your policy may cover the costs of notifying patients because the crook could use their health records to steal identities online.
As you can see, it pays to have Cyber Liability Insurance just in case. It’s a versatile policy that can protect your business in more ways than one when a breach transcends the headlines and finally becomes a reality for your business. All cyber policies are different, so it’s essential to talk to your agent about what your policy covers and excludes. To learn about ways to mitigate the damage of a breach, be sure to read, “One More Way Customers Can Sue You.”