Despite its fleeting nature – it’s invisible, it’s intangible, its power is barely understood – data is the heart of the modern economy. As such, whether it is the carefully harvested data of one of today’s tech goliaths, the financial records of a major credit card company, or the personal details in a small real estate firm’s customer database, digital information has become one of the world’s most valuable commodities; one at constant risk of being attacked, stolen, held for ransom, or destroyed.
A commonly held misconception is that it’s only the large businesses – like Google and Facebook that turn data into unfathomable profitability – that require protection against hacks and other malicious activity. But make no mistake: it is imperative that any company in possession of sensitive information, regardless of its size or industry, has in place a comprehensive Cyber Insurance policy to guard against cybercrime and data breaches, the effects of which can leave a company’s reputation and finances in flames.
“Cyber applies to a myriad of industries,” said Nathan Rose, Senior Underwriter and Business Development Specialist at Burns & Wilcox, Vancouver, British Columbia. “If a company is handling sensitive information, then they’re at risk of compromise. If they’re holding onto confidential information on behalf of third parties, they carry one of the greatest risks. If that information is altered or lost in any way, they have a public relations nightmare on their hands, and those sorts of violations can cost millions.”
Data breaches are one of the most common events covered by a cyber policy, and an excellent example of how a properly constructed policy can mitigate a breach’s far-reaching effects, from profit-killing business disruptions to negative publicity that can drive customers to a company’s competitors.
“Cyber insurance policies have breach response teams built into them that help brokers and their clients react in the right way if a breach does occur,” Rose explained. “In fact, addressing a cyber breach in an open, honest and effective way can actually be an opportunity for good publicity.”
A cyber policy can also protect a company from cyber extortion and attacks that result in damage to a third party.
“Third-party liability is a significant aspect, because (a company) could be sued for almost an infinite dollar amount. If there’s multiple claimants, potentially even a class action, one loss can hit thousands and thousands of people,” said Rose.
The digital landscape alters in the blink of an eye; Rose said brokers dealing in the cyber space need to keep abreast of its trends and constant shifts. He discourages encryption exclusions in policies as well as retroactive exclusions, but he urges them to cover the costs of voluntary breach notifications.
“It’s good practice and it’s good risk management,” he stated.
Cybercrime is not going anywhere. It’s simply too profitable and too tempting for malign actors looking for an easy, anonymous score. Rose cites figures that estimate the global cost of cybercrime for 2018 will be close to $600 billion. With the average cost of an attack being approximately $4 million, an uninsured cyber event could be enough to end a small business.
“And just because a company’s been attacked once doesn’t necessarily mean it won’t be attacked again,” said Rose, adding that 27% of businesses who suffer a cyberattack get victimized again.
Too many businesses operate under the assumption that they won’t be targeted, that cyber insurance is too speculative to be a worthwhile investment. But just like data itself, cyber criminals are at constant work in the shadows. And it takes only one to make a business go dark, permanently.