The growing trend in cyber attacks is now targeted at small to medium sized businesses (SMB). In fact, close to 70% of SMBs experience cyber attacks. As a result, it is imperative your SMB business has the right cyber liability insurance in place for your particular industry. Equally important, coverage should be in place before, not after, an attack. Each insurance company is different and may not cover all case scenarios. Most policies are generic in qualifying categories in what’s covered or disqualified. In this article, learn to ask the right questions to ensure the coverage you purchase includes reimbursement of all expenses related to an incident.
At OrLANtech, often our clients ask us for guidance in choosing a cyber security insurance policy, or if the one they have is adequate. The main thing we do is advise them is to ask their agent questions about coverage for certain types of scenarios, such as the following:
- One of our employees accidentally clicked on a link in an email and it resulted in our systems being encrypted and held for ransom. Would the policy cover all expenses related to the recovery of our data, including paying the ransom, negotiating, labor to rebuild systems, down time, loss of revenue, etc.?
- In the unfortunate scenario of it being a malicious attack that destroys our data with no solution of paying a ransom, would the policy cover the costs to recreate the data and loss of revenue, or other related expense if backup systems are compromised as well?
- Some of our clients’ data was breached. Would the policy cover legal expenses to deal with it?
- If there were any compliancy fines due to the breach, would they be covered?
- If one of our email accounts were compromised and deceived a client in to a wire transfer or modification of bank routing numbers, would it be covered?
- If one of our employees were deceived in to a payment/wire transfer from a client/vendor’s email account that had been compromised, would it be covered?
- If an illegal wire/payment were transferred out of our account, would it be covered?
- Do you know of any reasons why a claim would be denied that we should be made aware of up front so we can make the appropriate changes (e.g., security, training, etc.) if needed?
These examples are a good start, but certainly not restricted, for you to modify to fit your industry. Try to think outside of the box for something specific that could happen to your company and include it in your list of questions. It could be something like “many of my clients use thumbdrives to share data with us. What if we are breached and it infects these thumbdrives and then, in turn, compromises our clients’ networks as well?”
Note that it is impossible to come up with every possible scenario. However, it should be your insurance agent’s responsibility to thoroughly discuss all of these instances in detail with you and then follow up in writing as well for future reference. If he/she does not, it would be in your best interest to seek a new agent.
Cyber crime is relentless, and there is no sure way to prevent cyber attacks. By 2024, cyber security expenditures are expected to reach $1 trillion. All companies from startups to global giants are at risk. Unfortunately with SMB, cyber attacks are too easy and the chances of being caught and punished are perceived as being too low.
Think your company is safe? Don’t assume you are not a target. Learn more about cyber insurance, ask the agents possible scenario questions, understand coverages and then choose the one that best protects you, your business and your clients and customers in the event of a cyber incident.