MARK BLACKWELL: Cyber security insurance perhaps?

Mark Blackwell

In the past month, two instances have highlighted the need for me to pay increased attention to cyber security.  First, my credit card company called to inform me that someone who should not have had access to my accounts had been shopping online with my cards.  In the second instance, my insurance provider was apparently hacked and my personal information may have been compromised.  The first problem was remedied quickly – I confirmed that the charges were not mine; my credit cards were cancelled; new cards were issued; and the charges were reversed.  The second issue may take longer to reconcile, though, since we must wait to see if the hacker is able to use my information for his profit.  In the meantime, the insurance company has paid for my enrollment in an identity protection service to track and respond to any attempt to utilize the compromised data.

Many people still refuse to provide personal data online, but the numerous reports of breaches at major corporations suggest that we are all at risk of having our personal and financial information compromised at some point.  Individuals and businesses need to take steps to avoid or minimize the direct costs of this risk.  Professional practices may be particularly ripe targets because they often store highly sensitive client information on internal and online databases.  The costs for businesses to clean up after a breach are not low.  In 2014, U.S. companies spent an average of $201 per record compromised, according to a study by Ponemon Institute.  Those costs can run far higher at firms in highly regulated and lawsuit-prone industries like healthcare and accounting.  To protect against these financial risks, a practice may want to consider getting cyber insurance.

There are two primary types of cyber coverage that firms may consider:  “first party” and “third party.”  First-party insurance helps pay for the direct costs, such as investigating the breach’s cause; notifying and providing credit monitoring services to clients; and dealing with business interruption and any harm to the practice’s professional reputation.  Third-party coverage pays costs suffered by others, such as lawsuits or regulatory fines stemming from the breach.

Cyber policies are customized to a company’s needs and risks, as are premiums and payouts.  Policies generally have a stated maximum for claim coverage.  Since each policy is unique, it is vital to talk with an experienced insurance advisor who specializes in cyber insurance and can shop for policies from competitive providers.

Here are a few things to consider before purchasing cyber insurance:
• What are your cyber liability risks?
Understand the risks that may stem from the data your company stores.  For example, some practices may keep clients’ trade secrets, customer lists, marketing plans, intellectual property documents, and personal credit information stored online or on a shared computer network.

• Do your employees work remotely?
The equipment at their home (or at the local coffee shop, for that matter) may not have the data-security protocols of their office computer.  Some policies may not cover a cyber attack on computers outside of the office.

• Do outside vendors and consultants access your data?
Some policies may not cover a cyber attack targeted at an outside vendor, even if it compromises your data.

• Do you understand all of the terms?
The language and exclusions differ from policy to policy.  For example, it is important to know what terms like “confidential information” and “personally identifiable information” mean to your insurer.

As more of our transactions and data storage move online, protecting ourselves and our clients from malicious or accidental compromise will become increasingly important.  Equally important will be identifying providers of security protocols for our home and business computers.  Securing a cyber protection policy that can mitigate your company’s financial exposure in the event of a breach is an additional component of a comprehensive electronic security plan.

» Mark Blackwell is a Certified Wealth Strategist and the Mississippi Area Executive for Regions Private Wealth Management.  He can be reached at mark.blackwell@regions.com.


3 comments

  1. “It’ll never happen to me!” … How many times have we heard these words? Surely these are the words that haunt every person involved in Insurance. But in relation to cyber security the reality is that it WILL happen to you! Sound like a bold statement? No… not really.

    We need to look at ‘cyber’ differently than we are currently, because we’re often looking at the problem from one direction – from the outside. We think the problem is ‘out there’… the mysterious and scary hacker who has a brain the size of a house who can manipulate code to make our computers betray us!!!

    Yes… this happens. Yes… there are people out there, individuals and organised gangs working tirelessly to break in to your computer and steal from you. But in truth the biggest threat is internal… and I’m not just talking about employees.

    Insider threat does indeed mean employees stealing your information, but what about genuine mistakes? 20 years ago it would be quite difficult for an employee to screw up so badly that it could kill your company, but today… after a night watching late night football, a couple of beers, an early morning start and hitting the wrong key on a keyboard and ‘hey presto’ … Good bye business!

    Insider threat is also YOU! How many times have YOU handed over your credit card and not watched who’s holding it? Or clicked on a link from a friend who has “the funniest video you MUST watch!”… Click… Watch… Good bye business!

    Cyber Insurance is no longer an option… because you WILL get burnt. I guarantee it. When you see these studies stating “81% of large businesses have suffered a data breach.” Just remember the reason it’s not 100% is because the other 19% just don’t realise they’ve been breached or are denying it.

  2. Seems like a reactionary racket to me. What this type of insurance does not cover is the loss of trust from your customer base when you lose their personal data to hackers. Focus your money and time on preemptively hardening your infrastructure and making yourself a difficult target to compromise instead. Keep your customers’ trust in the meantime.

  3. Hello Mark

    This is a great article. I encouraged companies who want to pursue cyber security insurance to make sure that the policies include physical security implementations as well. For example, a Bluetooth device such as the Gatekeeper can automatically lock an employee’s workstation when the employee walks a certain distance away from it.
