Technology is changing more rapidly today than ever before in human history. The advancements in connectivity between people and businesses have led to an unprecedented global interconnectedness. With any new system there will be those who try to exploit loopholes, break and bend laws, and illegally profit from others. In recent years, the highly publicized information leaks and system hacking of several major companies have been all over the headlines. The risks of cyber attacks on businesses were made most clear after electronic giant Sony’s PlayStation network was hacked, resulting in the theft of many of its customers’ billing information.
It is estimated that the total cost of the Sony breach was over $2 billion due to fixing the system leak, notifying the customers of the incident, costs for any losses or settlements, and loss of business. With the amount of money that large businesses can put into preventing cyber attacks, these sorts of intrusions are relatively rare and the companies have enough assets to survive the occurrence. Just like petty thieves are more prevalent than bank robbers, these high risk high reward intrusions are rare; instead most cyber thieves focus on smaller companies with fewer security features and sensitive client information.
For these smaller businesses, the dangers are more pronounced and a breach can cause a significant amount of damage with far less effort on the hacker’s part. Some of those most vulnerable businesses are medical offices, law offices, accounting firms, and any business that keeps client billing or identification information on file. Small businesses like these are at risk for lawsuits, software and equipment replacement, loss of production, public relations nightmares, and the cost of notifying clients if their systems are hacked. Given these costs and further litigation against the business, a single incident could bankrupt a business.
Several insurance companies now offer separate cyber-insurance policies to cover gaps in coverage from your basic business owner policies. Insurance has been slow to adapt to the technological age, but some coverage from a general liability policy can apply toward cyber attacks. Information stolen online can be covered in the theft portion of your policy and hardware damage from a stolen or corrupted computer system could be covered under a scheduled equipment rider, but these coverages are not designed specifically for cyber attacks and the far reaching damages that they can cause.
A proper cyber policy should protect you from all of the aspects mentioned above: PR issues, lawsuits, equipment, software, client notification (the law requires that any potentially effected clients be notified immediately following the discovery of a potential breach), and loss of business or productivity. These should specifically apply to hackers or other cyber attacks and fill any gaps in your general or professional liability policies pertaining to technological security. Since this is a developing field of insurance, the pricing can be very fluid and depends on the size of your business, what information is at risk, and your system’s security features.