Cyber vulnerabilities may not be top of mind for most businesses, but they should be. A data breach or hack can cost businesses far more than just downtime. We interviewed Scott Wojtysiak of Reliable Insurance Agency to understand exactly what the risks for businesses are as well as how to mitigate them.
1. Why do businesses need cyber-specific policies?
Scott Wojtysiak (SW): First and foremost, they need to protect their reputations. Often, companies experience negative public relations after a hack. The insurance company can help them rebuild their reputation, which might involve email blasts, commercials, et cetera that communicate what they’ve done to ensure a breach won’t happen again. The insurance company will also notify those that were affected.
General liability doesn’t include cybersecurity coverage, so for businesses that deal with private information like credit card numbers, it’s imperative to get that cyber insurance policy to protect that data.
2. Does the industry a business is in affect its coverage needs?
SW: It depends more on what the business’ exposure to risks is. A tech company that is responsible for people’s data is looked at as having more exposure. If it were to get hacked, it would be more devastating than if, for example, a landscaper’s email got hacked.
Other industries may need coverage in order to meet compliance. This typically applies to heavily regulated industries like banking and healthcare.
3. How do businesses know what is/isn’t included in their coverage?
SW: It’s the responsibility of the insurance professional a company works with to explain what’s covered with a cyber insurance policy. You may assume general liability provides coverage, but there are exclusions in every policy, so it’s important to ask questions so you understand what you’re getting.
4. Can businesses you partner with require you to carry cyber insurance?
SW: Yes. People are aware Target was breached through an HVAC company they worked with. You want to mitigate the risks you face when working with third parties. Requiring those who work under you to have a certain level of cyber coverage is one way to protect your reputation and show you take cybersecurity seriously.
5. If a business implements cybersecurity tools or works with a managed service provider (MSP), does it still need insurance?
SW: That’s the biggest disconnect: employers don’t feel like they’re at risk if they’re working with an MSP, but their data isn’t the service provider’s data. The MSP is just helping the company find a place to harbor it. Having a cyber insurance policy is what protects that data.
6. How often should policies be reviewed?
SW: A cyber policy should be reviewed, at a minimum, annually as well as whenever changes occur. As a business shifts, its insurance needs to change accordingly.
A company might start housing data on its own servers, and that changes its IT vulnerabilities and risks. A business might start accepting credit cards, which means it is now responsible for customers’ sensitive financial data. These are both examples of changes that need to be reflected in the cybersecurity insurance policy.
7. What’s your key takeaway for businesses that don’t have cyber insurance?
SW: Everybody does ecommerce. If you’re communicating via email, that’s ecommerce in some shape or form. You’ll be compromised at some point. It only takes one accidental click by an employee to introduce ransomware or viruses into your network. That’s where a cyber insurance policy pays off.
Don’t Ignore the Importance of a Cyber Insurance Policy
Protecting your company should be a top priority. Cybersecurity insurance minimizes your exposure to IT risks and can help you get back on track if a data breach occurs.
KLH offers complimentary IT Security & Performance Assessments that can help you identify IT vulnerability gaps. Once you know what these are, you’ll be better prepared to talk to a cyber insurance provider about the type of policy that’s best for your company.