How to Maximize Your Risk Management Program
Article by Josh Fearon
Every business large and small has private information that needs to be protected, and today, cybercriminals are on the hunt for any information they can get. According to Forbes, data breaches exposed 4.1 billion private records in the first six months of 2019 alone, highlighted by the Capital One breach that affected 106 million people. As a business owner, the time to assess your cyber liability coverage isn’t after a data breach occurs. It’s now.
Data breaches and cyber-attacks are expensive, time-consuming and damaging to a business’s reputation. A recent study titled “Cost of a Data Breach” by IBM and the Ponemon Institute found that the average cost of a data breach in 2019 is nearly $3.9 million and takes 279 days to identify and contain. Equally concerning is the increased success in smaller ransomware attacks, with the average attack costing $41,198 and taking nearly two weeks to resolve. With this in mind, it is important that you know how to maximize your risk management program, get the most out of your insurance policy and set your business up for success in the instance of a data breach or cyber-related attack.
- Train your employees by implementing a response plan. Good communication is the best way to handle a cyber-attack efficiently and effectively. Work with your senior management team to create procedures that train employees on what to do when a cyber-attack occurs, and even more importantly, how to recognize when it is occurring. Although it is not always detectable at first, there are a few simple signs of a cyber-attack that your staff should be aware of, including things like an increase in pop-ups, an unusually slow internet connection and phishing emails.
While communicating with your insurance agent is crucial, communicating with your employees is just as important in minimizing the damage inflicted by a cyber-attack. Having procedures that highlight how to detect, prevent and react when an incident occurs will ensure that your business remains as safe as possible.
- In a crisis, defer to the experts. Your agent is a resource and advocate for you in times of a data breach or cyber-related attack. When an incident occurs, a business owner’s first reaction is often to try and resolve the situation on their own without the help of their insurance company. This is usually done out of fear of rising premium costs or a tarnished reputation. But your agent needs to know when you are having a cyber-attack as soon as possible to help stop the problem and enable you to gain access to your policy resources.
Additionally, claims can potentially be denied by a carrier if you do not report the incident in a timely manner. Carriers welcome reports or incidents and can be your best resource given their extensive claims experience responding to similar situations worldwide.
- Talk with your agent about what additional benefits your policy may offer. Often, carriers provide risk management services in addition to traditional insurance coverage. These resources vary by carrier and policy form but can include things such as employee phishing training programs, incident response planning, identity theft protection, encryption systems, public relations support, data breach calculators/estimators, and up-to-date news and education resources.
Data breaches and cyber-attacks can happen to businesses of all sizes. If you do not have cyber coverage for your business, now is the time to consider it, especially with an increase in the frequency and severity of these incidents. Many buyers are unaware of the significant first party coverages included in a traditional cyber insurance program. Your first-party coverage should include items such as Notification and Forensic Costs, Business Interruption, Cyber Extortion Payments, Digital Asset Restoration, PCI-DSS Assessments and Regulatory Fines and Penalties.
The market is competitive for cyber coverage, which means coverage is expanding and enhancing, and premiums are lowering. While cyber insurance may have been a luxury in the past, it is now a necessity. Communicate with your insurance agent and employees to make sure everyone is working as a team to protect your business.