Three common misconceptions about cyber coverage.
You’ve no doubt heard or read all the stories about the impact of Target’s data breach last year, which affected up to 110 million shoppers. More recently, Home Depot also suffered a credit card breach. Despite these two high profile cases, many businesses are still unclear as to whether or not they’re actually covered for this type of risk or simply feel that it’s not something they need.
We’d like to help clear up some of the misconceptions that are out there about cyber insurance coverage.
“I’m pretty sure I’m already covered for cyber risk exposures with my general liability policy.”
Let’s say the laptop or smartphone you use for work has been stolen. While the physical property itself would generally be covered, your commercial general liability policy won’t protect you from the consequences of lost or compromised data.
Here are a few reasons why cyber risk exposures aren’t covered by other policies:
- Data isn’t considered to be tangible property so it’s excluded under a property policy
- A computer virus or malware or DDoS (Distributed Denial of Service) attack resulting in lost business income wouldn’t be insurable under a traditional business interruption policy because it doesn’t qualify as a direct physical loss
- Extortion expenses, incident response expenses, regulatory proceeding expenses are also not covered under any traditional liability or property policy
- Commercial general liability also excludes damages arising out of the loss or corruption of electronic data
“We’re not a mega-corporation so we’re not really at risk.”
Cyber insurance is more than coverage against hackers – it covers human error and losses caused by employees. Almost half of all security incidents are caused by human error. What’s more, large multinational companies aren’t the only victims of privacy breaches. About 31% of reported breaches involved companies with fewer than 100 employees and nearly 70% of Canadian businesses have reported having a privacy incident in the past two years1.
“I’m sure I can manage on my own without having to get special insurance coverage.”
Before you dismiss cyber coverage altogether, ask yourself this: Do you have an incident response plan, disaster recovery plan and a business continuity plan? A lot of businesses don’t. The untold impact of a data breach is the reputational damage it can cause to the company itself. Consider that 89% of Canadians will avoid doing business with a company in which they have privacy concerns (witness Target’s dramatic drop in sales after their data breach)2. If a privacy incident is not properly handled, it can be devastating to the survival of the company.
If you’re still not sure about cyber risk coverage, talk to your broker. He or she can help you determine exactly what you need to ensure your business is protected.
1 SOURCE: International Cyber Security Protection Alliance, “Study of the Impact of Cyber Crime on Businesses in Canada
2 SOURCE: CyberAlert.com