Perhaps you recognize that your clients are at risk, and rightfully so. Whether they’re a small start-up organization or a large corporation, cyber hackers and threats are lurking around every corner. And, with techniques that are evolving rapidly, no amount of network security is 100% effective.
Just like all things cyber, the answer is complex. Every client will face cyber risk differently. How much coverage your client needs depends on a number of factors. It’s important to closely analyze your client’s cyber security posture in order to identify the best type of corresponding coverage.
What’s Your Client’s Risk Exposure?
Due to the complexity of cyber coverage, a cyber expert will be your best guide in finding the right coverage for your clients. To get you started, here are a few factors you should consider:
1. Identify the Potential Risks
Every organization’s exposure is different, as each utilizes different types of information or customer data to conduct its business. An organization that gathers sensitive data or Personally Identifiable Information (PII), such as social security numbers, dates of birth, bank account information, or credit card numbers, is going to be at greater risk than one that gathers only email addresses.
Your clients should identify what type of information they utilize and what would happen should that information be compromised.
2. Review Their Business Associates
Some organizations think they don’t utilize PII in their business practices and are therefore not at risk, but a breach at any third-party vendor that your clients conduct business with could mean direct exposure for your client.
It’s important that all third-party vendors are properly vetted to make sure they have sound cyber security practices, as their risk is your clients’ risk. In addition, your clients will need cyber coverage not only for an attack on their own organization but also for a potential attack on their third-party vendors. When contracting with these third-party vendors, make sure your clients require that each vendor carries adequate cyber insurance.
3. Evaluate Their Current Security Practices
Does your client stay up-to-date on all things cyber? Do they conduct regular social engineering training sessions for their employees and help them identify threats from malicious software? Do they regularly update all software and hardware?
If the answer is yes, your client is still at risk. If the answer is no, your client is facing an extremely high risk of an attack. A lot of policies come with these training tools to help lower their risk.
4. Project How Their Business Could be Affected
While it’s safe to say that most businesses now rely on technology in some way, an attack will affect every business differently. Some may be entirely locked out of their network and unable to conduct any business. Others may have lost some data they will need to rebuild while conducting business as normal.
There are a number of questions your clients should ask themselves: Is the data they rely on backed up? How is it backed up? What would they do if they were locked out of their server tomorrow? Do they have a backup plan? It is key to note that even companies that have backups onsite, offsite and offline, or in the cloud have issues when trying to recover, as often that data was corrupted as well.
5. Evaluate the Security Controls They Have in Place
While it’s important to understand what data a client has, it’s just as important to understand what controls they have around that data. If a client has access to healthcare data, they should be HIPAA compliant. If they are accepting credit cards, they should be PCI compliant or using a third party that is PCI compliant. However, compliance is often a very basic level of protection. Similar to installing a two-foot fence around your home, compliance may not mean secure. When companies invest in IT, they often feel that they should be getting a discount. However, in reality they’re simply meeting carrier expectations of their security controls. Anything you can discover about client controls will help explain the risk to underwriters and potentially get your clients better terms or rates.
As you can see, your clients’ individual level of risk is made up of a number of elements, particular only to their organizations and ways of conducting business. Since we’ve discussed the various ways your clients may be at risk, let’s review which coverages can be provided and how this cyber insurance coverage can protect them.
What’s Covered by Cyber Insurance?
It’s been rumored that cyber insurance doesn’t provide much coverage. However, many business owners have relied on the wrong type of policy to cover their cyber risk. In reality, cyber insurance has evolved drastically over the years and now covers an extensive range of risks for businesses of all sizes.
From small start-ups to billion-dollar companies, these coverages can include:
First-Party Coverage for Costs Associated with a Breach
- IT Forensic Costs
While many don’t realize it, the process of tracking down how the hacker gained access is complicated and costly. In addition, this coverage includes determining what information has been breached so your clients can notify the appropriate parties.
- Notification Costs
In order to comply with all laws and regulations, it’s important that any affected parties and regulators are properly notified. These costs may include running a call center to contact those involved and answer potential questions and concerns from those affected.
- Credit Protection Costs
This is often offered as part of the notification process and provides credit monitoring service to all parties whose private information may have been exposed.
- Crisis Management Costs
How your clients respond publicly to a breach can have an enormous impact on how they will recover. This coverage provides media liability costs, which may include hiring a public relations firm to help mitigate any damages to your client’s public perception.
- Crime and Social Engineering
Many cyber criminals use social engineering tactics to trick a business into directing funds out of their own account or handing over sensitive information and sending it directly into the hands of the hacker. This is referred to as “voluntary parting of funds” and is generally not covered under most policies as the user (although unknowingly) gave their own funds away. Cyber insurance specifically provides coverage for these social engineering attacks.
Third-party liability insurance provides coverage for claims that may be made against your client due to the breach of PII, including:
- Credit card numbers
- Social security numbers
- Bank account information
- Personal health information
- Sensitive corporate information
In addition, this third-party insurance will provide coverage for claims made for:
- Breach of contract
- Negligent protection of data
- Network security breaches
- Transmission of software viruses
- Denial of service attacks
- Defense costs of regulatory actions related to a breach as well as possible fines and penalties
- PCI fines, penalties, and assessments
Additional Coverages Should Include:
- Multi-media coverage for online advertising, intellectual property, copyright and trademark infringement, and libel or defamation claims.
- Cyber extortion should your clients face a ransomware attack. This coverage is available to cover the cost of ransom payments, should a demand be made.
- Cyber business interruption for organizations that rely heavily on the internet or their network for their revenue (which may also include dependent business interruption).
- Hacker damage or digital asset damage, which can cover the cost to rebuild your clients’ website, intranet, network, or electronically held data.
- Risk Management and Loss Prevention
ProWriters offers a variety of FREE resources for both you and your client which may help them avoid a breach altogether. In addition, our cyber blog will keep you up-to-date on all things cyber.
- Breach Coach and the Best Vendors
If your client does find themselves the victim of potential cyber attacks or a possible data breach, they’ll be in good hands with ProWriters’ exceptional post-breach services. With a breach coach ready to guide them through the entire process, they’ll be able to utilize the best vendors available to act quickly and mitigate the potential damages.
- Experience and Optimization
With upwards of 20 years of insurance experience and offering the best customer service in the industry, ProWriters has optimized the process of buying and selling insurance to make your job even easier. With our Cyber IQ Comparative Rate Portal, you can instantly compare multiple quotes from multiple carriers to find the best policy and coverage for your clients.
Whether you’re helping clients with a small business or large corporation, get them the best possible cyber protection, while saving you time. To speak to a ProWriters expert today for a FREE consultation, contact us or call us at 484-321-2335.