{"id":135,"date":"2017-05-18T13:57:42","date_gmt":"2017-05-18T13:57:42","guid":{"rendered":"https:\/\/www.apslaw.com\/its-your-business\/?p=135"},"modified":"2023-04-25T16:13:31","modified_gmt":"2023-04-25T20:13:31","slug":"cyber-insurance-a-necessary-shield-against-digital-infiltration","status":"publish","type":"post","link":"https:\/\/www.apslaw.com\/its-your-business\/2017\/05\/18\/cyber-insurance-a-necessary-shield-against-digital-infiltration\/","title":{"rendered":"Cyber Insurance: A Necessary Shield Against Digital Infiltration"},"content":{"rendered":"<p>The threat of a cyber-attack is hardly virtual.\u00a0 From covertly installing malware that holds a victim company\u2019s data hostage, to soliciting confidential information via email under the false pretense that they are privy to such material, hackers continue to improve their methods of digital infiltration.\u00a0 And while the impact of these attacks is costly, it is insurable.\u00a0 In December 2016, Yahoo reported that a single 2013 cyber-attack compromised over one billion of its user accounts by obtaining its members\u2019 full names, telephone numbers, birthdates, and passwords.<\/p>\n<p>A company need not be the size of Yahoo to experience a cyber-attack.\u00a0 In fact, nearly two-thirds of all attacks target small and medium-sized businesses. <em>A Guide to Cyber Risk<\/em>, Allianz Global Corporate &amp; Specialty (2015).\u00a0 A 2014 National Small Business Association report revealed that almost half of the 845 surveyed businesses had experienced at least one security breach, with nearly 60 percent of those breaches triggering business interruption.\u00a0 The report also estimated that the average cost associated with responding to each small business cyber-attack was in excess of $8,600.<\/p>\n<p>A business that falls victim to a data breach today should expect to pay around $190 per compromised record.\u00a0 Charles N. Insler, <em>Defending Against Today\u2019s Digital Threats<\/em>, Data Management and Security (2017).\u00a0 And if the business does not have a cyber insurance policy \u2013 not unlike two-thirds of companies within the United States \u2013 it should expect to pay the entire remediation cost.\u00a0 According to Andrew Bagrin, founder and CEO of the cybersecurity company My Digital Shield, few businesses recognize the impact of a breach until it is too late. Karen E. Klein, <em>Insurance for When You Get Hacked<\/em>, Bloomberg (2014).<\/p>\n<p>Given that 2017 is expected to bring an increase in the number of cyber-attacks worldwide, now is an ideal time to consider purchasing cyber insurance.\u00a0 Because cyber insurance policies have only been available for approximately 12 years, there are still no real standards for pricing or coverage.\u00a0 For this reason, businesses should determine the expenses and incidents for which they seek coverage prior to meeting with their insurance provider.\u00a0 Presently, cyber insurance policies may offer coverage for the following expenses or losses:<\/p>\n<ul>\n<li><strong>Forensic Investigation. <\/strong>Hiring third-party assistance, such as forensic experts, to determine the cause of the cyber-attack and how to prevent a future occurrence.<\/li>\n<li><strong>Privacy Breach and Notification. <\/strong>Informing customers and affected parties of the breach, as well as providing credit monitoring or identity theft protection to those whose privacy may have been compromised.<\/li>\n<li><strong>Data Breach. <\/strong>Recovering lost data or restoring compromised data.<\/li>\n<li><strong>Damaged Hardware and Software. <\/strong>Restoring, updating, repairing, or replacing affected hardware and software.<\/li>\n<li><strong>Business Interruption. <\/strong>Monetary losses, including profit loss, due to network downtime.<\/li>\n<li><strong>Extortion Liability. <\/strong>Expenses related to ransomware attacks and other acts of cyberterrorism.<\/li>\n<li><strong>Reputational Damage. <\/strong>Hiring public relations firms to mitigate reputational harm resulting from the security breach.<\/li>\n<li><strong>Legal Fees. <\/strong>Expenses from arising from the security breach, including payment of regulatory fines and penalties.<\/li>\n<\/ul>\n<p>Any chosen cyber insurance policy should include a least six months of retroactive coverage for data breaches.\u00a0 This is because, on average, it takes a network owner over 200 days to realize that a security breach has occurred. <em>The Cost of Immaturity<\/em>, The Economist (2015).<\/p>\n<p>Additionally, any company\u2019s policy should provide protection against claims brought by its employees.\u00a0 Hackers are hardly selective when soliciting sensitive data from their victims.\u00a0 Therefore, cyber-attacks can implicate personally identifiable information from not only clients, but employees as well.\u00a0 Insler, <em>Defending Against Today\u2019s Digital Threats<\/em>.\u00a0 In the same vein, an employee can also be a perpetrator of a data breach \u2013 willingly or otherwise. As such, any cyber insurance policy should also include a provision ensuring coverage in the event that a business encounters a cyber-attack due to the conduct of someone on its own payroll.\u00a0 <em>Id.<\/em><\/p>\n<p>Unfortunately, cyber security measures are often lagging behind their criminal counterparts in the digital arms race.\u00a0 Data breaches threaten the integrity of businesses now more than ever, and any company\u2019s insurance policy should include a cybersecurity provision to reflect this trend.\u00a0 No business in the electronic age will ever be completely immune from a cyber-attack, but with the right insurance policy, it can obtain a significant degree of protection against the unknown threats in cyberspace.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat of a cyber-attack is hardly virtual.\u00a0 From covertly installing malware that holds a victim company\u2019s data hostage, to soliciting confidential information via email under the false pretense that they are privy to such material, hackers continue to improve their methods&#8230;<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2,20],"tags":[65,33,34,7,5],"class_list":["post-135","post","type-post","status-publish","format-standard","hentry","category-business-law","category-intellectual-property","tag-cyber-insurance","tag-cyber-security","tag-data-breaches","tag-employees","tag-rhode-island-business-law"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/posts\/135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":0,"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.apslaw.com\/its-your-business\/wp-json\/wp\/v2\/tags?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}