This week’s common question is – “Why do I need cyber insurance if I don’t sell anything and therefore don’t take personal information from clients?”
In the past this was asked by pretty much every company that did not sell directly to consumers, but the tide is definitely shifting, and almost every company now needs some cyber coverage. Cyber coverage is unique in that it covers losses you incur (first party) and losses to third parties due to your negligence. Some of the coverages include:
- Notification Costs (1st party)
- Extra Expense and Business Income (1st party)
- Cyber Extortion Costs (1st party)
- Forensic Costs (1st party)
- Settlements and Damages related to a breach (3rd party)
- PCI fines (3rd party)
- Legal Defense (3rd party)
This is just a sample of what a cyber policy covers and is not all-inclusive. Some claims examples:
- If you have employee information, you have what is referred to as personally identifiable information, and if that is compromised you would need to notify those possibly impacted and pay for credit monitoring.
- A malicious party could use you as a gateway for hacking into a larger organization, much like what happened with the Target breach. Here the hackers got into Target’s system through the HVAC contractor.
- If you have trade secrets, a hacker could steal those secrets and then extort you. Your supply chain could be disrupted, causing a business income loss much like we saw with Merck last year.
These are a few examples of claims that could happen to any company, regardless of whether they have a commercial product or not. Cyber insurance is relatively inexpensive, and the risk is there for everyone. If you are not at least getting quotes, I strongly suggest you do, as every day the world becomes more dependent on IT.