You’ll frequently hear about cyber attacks on major Fortune 1000 companies, the latest being the WannaCry hack. The story tells of millions of customers’ data being compromised. It’s bad for the companies’ reputations, and customers are upset that their personal data has been compromised. There are rules regarding what a company needs to do after a breach, including a duty to notify the clients whose data has been compromised.
Most small businesses think they are immune to such hacks. But they are the most susceptible to this type of attack. They generally don’t have as much money put aside for their cyber security needs and the costs involved with notification after a breach can be debilitatingly expensive.
There are two types of cyber policies: one for 1st party claims and one for 3rd party claims.
An example of a 1st party claim: A consulting business uses accounting software to process its recurring credit card payments. The accounting software deposits the credit card payments directly into the company’s bank account. A phishing scam compromises the accounting software login and password. Hackers change the account that credit card transactions are deposited into. They use two stolen credit cards and charge $12,000 on each one. They empty that bank account and close it before anyone is aware of the crime. The accounting software company says it’s the consultant’s fault and that they should file a claim on their cyber policy, which they never purchased. The consultant is out $24,000.
A 3rd party claim has more to do with the notification process. For every data point stolen in a breach, the company must inform the client of the breach and monitor their credit. The cost of notification and monitoring depends upon the type of data stolen. It can range between $50 and $150 per data point. A data point is considered a name, date of birth and an email address. That is enough to trigger the requirement for notification. You must notify everyone whose data was compromised. Imagine if you had 5,000 data points at $50 per point. That’s a small breach and it’s $25,000. That’s not even counting the cost if you were to be sued over the breach.
Think about how much data your company has on clients, potential clients, and business partners. Then do some simple math and decide if you can afford that. Check out our cyber risk calculator at the bottom of our cyber insurance page.
Article by Aaron Hennings
Aaron has been in the insurance industry since 2010. He specializes in helping businesses in the Construction, Habitational, and Manufacturing industries, but has experience working with businesses of all kinds.