In the past month, two instances have highlighted the need for me to pay increased attention to cyber security. First, my credit card company called to inform me that someone who should not have had access to my accounts had been shopping online with my cards. In the second instance, my insurance provider was apparently hacked and my personal information may have been compromised. The first problem was remedied quickly – I confirmed that the charges were not mine; my credit cards were cancelled; new cards were issued; and the charges were reversed. The second issue may take longer to reconcile, though, since we must wait to see if the hacker is able to use my information for his profit. In the meantime, the insurance company has paid for my enrollment in an identity protection service to track and respond to any attempt to utilize the compromised data.
Many people still refuse to provide personal data online, but the numerous reports of breaches at major corporations suggests that we are all at risk of having our personal and financial information compromised at some point. Individuals and businesses need to take steps to avoid or minimize the direct costs of this risk. Professional practices may be particularly ripe targets because they often store highly sensitive client information on internal and online databases. The costs for businesses to clean up after a breach are not low. In 2014, U.S. companies spent an average of $201 per record compromised, according to a study by Ponemon Institute. Those costs can run far higher at firms in highly regulated and lawsuit-prone industries like healthcare and accounting. To protect against these financial risks, a practice may want to consider getting cyber insurance.
There are two primary types of cyber coverage that firms may consider: “first party” and “third party.” First-party insurance helps pay for the direct costs, such as investigating the breach’s cause; notifying and providing credit monitoring services to clients; and dealing with business interruption and any harm to the practice’s professional reputation. Third-party coverage pays costs suffered by others, such as lawsuits or regulatory fines stemming from the breach.
Cyber policies are customized to a company’s needs and risks, as are premiums and payouts. Policies generally have a stated maximum for claim coverage. Since each policy is unique, it is vital to talk with an experienced insurance advisor who specializes in cyber insurance and can shop for policies from competitive providers.
Here are a few things to consider before purchasing cyber insurance:
•What are your cyber liability risks?
Understand the risks that may stem from the data your company stores. For example, some practices may keep clients’ trade secrets, customer lists, marketing plans, intellectual property documents, and personal credit information stored online or on a shared computer network.
•Do your employees work remotely?
The equipment at their home (or at the local coffee shop, for that matter) may not have the data-security protocols of their office computer. Some policies may not cover a cyber attack on computers outside of the office.
•Do outside vendors and consultants access your data?
Some policies may not cover a cyber attack targeted at an outside vendor, even if it compromises your data.
•Do you understand all of the terms?
The language and exclusions differ from policy to policy. For example, it is important to know what terms like “confidential information” and “personally identifiable information” mean to your insurer.
As more of our transactions and data storage move online, protecting ourselves and our clients from malicious or accidental compromise will become increasingly important. Equally important will be identifying providers of security protocols for our home and business computers. Securing a cyber protection policy that can mitigate your company’s financial exposure in the event of a breach is an additional component of a comprehensive electronic security plan.
» Mark Blackwell is a Certified Wealth Strategist and the Mississippi Area Executive for Regions Private Wealth Management. He can be reached at firstname.lastname@example.org.
BEFORE YOU GO…
… we’d like to ask for your support. More people are reading the Mississippi Business Journal than ever before, but advertising revenues for all conventional media are falling fast. Unlike many, we do not use a pay wall, because we want to continue providing Mississippi’s most comprehensive business news each and every day. But that takes time, money and hard work. We do it because it is important to us … and equally important to you, if you value the flow of trustworthy news and information which have always kept America strong and free for more than 200 years.
If those who read our content will help fund it, we can continue to bring you the very best in news and information. Please consider joining us as a valued member, or if you prefer, make a one-time contribution.Click for more info