You run best-of-breed security software in your business. Your firewall is from a top-tier vendor and hardened. You run regular penetration tests on your network to make sure your exposure is in check. You even encrypt your data and enforce strong password policies on your network.
These are all excellent security practices, but they are hardly foolproof measures. They may slow down a cyber attacker, but a determined attacker with your business in their sights may still be able to find away to your data. The sad truth is that the cybercriminals are advancing just as fast as the technology designed to thwart them. The cybercriminals are also focusing more on less-risky, less-prepared targets such as small and medium businesses.
For a business owner or executive in charge of technology or risk, the problem is two-fold. All of the technology measures just described are excellent approaches to addressing cyber risk. But what about the risk associated with financial losses or liability that could result if the technology-based protective measures fail? Specifically, will your insurance policy cover losses, damage, and liability?
You may think that your small business general liability or property insurance policy covers data-related losses, but don’t assume anything without checking with your provider. Many policies include an “intangible property exclusion,” which would exclude data because you can’t touch it or feel it. That makes it difficult to calculate the value or replacement cost for insurance companies, so their normal policies simply don’t cover it. However, with businesses increasingly relying on electronic assets as a vital part of their business operations, insurance companies are starting to either add on cybersecurity protections to traditional policies or add entirely new cybersecurity insurance policies as options.
Cybersecurity policies can insure against data loss, liability associated with data loss, the cost of downtime to your business, and the cost of restoring lost or corrupt data. This kind of coverage is commonly referred to as “first-party coverage.” If your business deals in sensitive customer personal information (credit card numbers, health information, etc.), policies can also cover the exposure and expense associated with the loss of such information (credit-monitoring services, notifying customers, etc.). This kind of coverage is commonly referred to as “third-party coverage” (i.e. losses associated with third parties).
Cybersecurity coverage goes hand-in-hand with proper technological preventative measures. Your auto insurance provider likely offers discounts for added safety features on your car, a safe driving record, etc. Similarly, cybersecurity insurance providers will want to see due diligence in the form of preventative measures to protect your business data. If your coverage level is high enough, providers may want to see advanced security measures such as mandatory complex passwords, high-strength data encryption, protection against removal of data on portable devices, etc.
The best place to start is by contacting your insurance provider to find out the limits of your current policy. If cybersecurity coverage is offered, consider how important your data is to your business and how severely impacted your business would be in the event of a loss. If your business deals in sensitive customer data, you have even more to consider in the form of third-party losses.
Is your business data and network well-secured? Contact us at (888) 600-4560, email us at firstname.lastname@example.org or contact us on Facebook or Twitter (@coldenco) if you want to check your current security measures or investigate ways to improve your security.