Small businesses have to deal with many types of insurance to ensure they are protected from the threats they face. They likely have a commercial general liability (CGL) policy, which provides for basic liability and property coverage. Some may have flood insurance. And today they may need additional coverage for protection from cyber theft and data breaches.
As the Target, Home Depot and Ashley Madison breaches have shown, virtually any entity that has an electronic presence could be hacked. Whether thieves enter through an email server or via some ‘back door,’ as in the case at Target, there are numerous points where your systems can be compromised.
Many cyber security experts suggest it is not a matter of if you will be hacked, but when. This is important, because it means instead of unrealistically pretending you can continue to do things as you always have, relying on your firewalls and security audits, you must have plans handle and minimize the damage from a breach.
Insurers are likely to offer more policies for cyber security breaches, but business will need to carefully ascertain their need and work with their insurer to make certain the policy truly supplies the coverage they are likely to require.
For instance, because businesses are not protected by regulation E (the Electronic Fund Transfer Act,) if their bank accounts are compromised by hackers, they can suffer hundreds of thousands of dollars in losses that will not be covered by a bank, unlike individuals.
Companies should maintain a careful watch on company accounts at all times, and should change internal procedures so that all transfers require at least two-person approval. Having an isolated, dedicated server for financial information and accounts that is not accessible from your other systems can make financial fraud more difficult.
Sadly, the FBI estimates there have been an estimated $800 million in losses to more than 8,000 businesses in the last two years with this type of fraud, insurers are likely to see an increase in businesses looking for protection and a growth opportunity for this type of coverage.
Source: npr.org, “When Cyber Fraud Hits Businesses, Banks May Not Offer Protection,” John Ydstie, September 15, 2015