It seems you can’t turn on the news without hearing about a cyber-related crime or incident.
Criminals are increasingly using ransomware as a means of extortion. Ransomware is a form of malware, usually delivered by email phishing scams, that locks victims out of their critical data until they pay the criminals a fee. The FBI received more than 2,400 complaints about ransomware in 2015, with a reported loss of more than $24 million. Authorities believe the actual costs could be much higher because the crime is underreported. The Department of Justice estimates that these ransomware attacks now average 4,000 per day – that’s a 300 percent increase over 2015.
Headlines usually describe breaches of sensitive customer data suffered by large, well-known companies. In reality, most cyber-attacks are not high-profile cases but softer targets, such as small- to medium-size operations. No business or industry is immune to cyber risks. Lost or stolen mobile devices, improper disposal of paper records or deficiencies in system malware protection can lead to a breach or attack.
The good news is that insurance coverage is available that can be tailored to protect your business from cyber risks.
DATA BREACH PROTECTION
Small- to medium-sized businesses should consider coverage for:
- response expenses, including forensic IT and legal reviews, notification to affected individuals, public relations expenses as well as fines and penalty coverage
- third-party defense and liability
- identity theft recovery
- protection from computer attack on your network, including data restoration and re‑creation costs, system restoration expenses, loss of business income and public relations services
- network security liability in case there is a breach of third-party business information, unintended spreading or forwarding of malware or a denial of service attack
CYBER DEFENSE PROTECTION
If your business stores large quantities of sensitive information, for example, financial institutions, health care organizations or schools, ask about cyber defense coverage which may include:
- cyber extortion coverage
- electronic media liability coverage
- access to online risk management and educational resources
STEPS YOU CAN TAKE
With or without insurance coverage, you can take steps help prevent loss:
- encrypt data
- patch system vulnerabilities
- shred sensitive documents
- educate your employees on topics such as email phishing scams
- develop and test contingency plans
Coverages described here are in the most general terms and are subject to actual policy conditions and exclusions. For actual coverage wording, conditions and exclusions, refer to the policy or contact your independent agent.