Cyber security has become a growing concern for U.S. companies over the past couple of years, and for good reason. Information breaches have not only become increasingly common, but also much larger. Nothing illustrates the state of modern web security quite as well as the most recent breach, which saw hackers target the IRS by exploiting faulty security to compromise over 100,000 taxpayer records.
Similar breaches have also affected much smaller companies, and it’s common to see a forward-thinking insurance company racing to adapt. Here is what you need to know to determine if, first, you’re actually in need of cyber insurance and, second, what you should look for in a policy.
Are You At Risk?
If you work with customer information of any kind, then the answer is likely yes. The term to look out for here is Personally Identifiable Information, or PII. It’s not a technical term, but rather a legal term that carries some teeth if you have to deal with it.
At its root, PII is any piece of collected information that could potentially allow a third party to identify a business’s individual clients. Given how good the Internet is at leveraging even tiny hints to track down a person, that definition is awfully broad. Full names, email addresses, site nicknames, and (sometimes) even web cookies can all qualify as PII.
If you’re storing anything that falls under the PII umbrella, you’re at risk of a breach. Breaches are enormously costly, both for affected customers and for the company responsible for the loss. Companies in the healthcare and retail industries are obviously at an increased risk, but when it comes down to it, any business that makes a habit of collecting information should ask their insurance company about cyber policies.
What Your Cyber Policy Needs
You’ll need to look for a few things in any cyber insurance policy. As you may expect, a good policy should cover the financial damages directly caused by a breach. However, cyber attacks can cause financial damage in a wide variety of ways. In particular, make sure that your company is protected against:
- Losses caused by lost time and productivity. A major hack can cause company gears to grind to a halt. Find an insurance company that guarantees coverage for the revenue lost during this period. – Indemnification caused by a third party. Few modern companies handle their data on their own. Outsourced IT support or other companies can fall victim to a breach that affects your customers. – Loss of Reputation. Breached companies, even those that have done their due diligence, almost always take a PR hit in the wake of an attack. A good policy offers some cushioning against the customer losses that generally ensue.
Finally, also try your best to work with an insurance company that has an educational component. Some plans will also come with training to avoid a breach. As nice as protection is, it’s safe to say that it’s best left unused. Installing a set of best practices can help keep you from having to rely on a safety net in the first place.