Hacks, Attacks, and Equifax: The Three Questions You Should Ask Before Looking Into Cyber Liability Insurance
It’s time to have the talk.
It’s never a topic that anyone wants to bring up… I mean, let’s face it, it’s a little bit uncomfortable… but with the way things are in the world today, I think it’s time we talk about it. It’s just unavoidable at this point. So, here goes:
How do you know it’s time to look into cyber liability insurance?
Okay, all jokes aside, if you follow the news, it’s pretty obvious that this is an important issue for businesses, and it’s not going to be any less of an issue anytime soon. Our reliance on things like computers, The Cloud, data networks, social media and raw personal information is only getting stronger and stronger. So, how do you know it’s time for your business to look into insurance to keep you protected on the data front?
Well, it sounds like it’s time that you need to sit down and ask yourself these three questions:
1. What’s the Deal with Our Data?
When trying to figure out if cyber liability insurance is for you, the first thing you need to figure out is how your business uses data. We’re not asking how you protect the data that you have; We actually want to know what raw, personal data is stored by your business.
The best way to do this is by grabbing a piece of scratch paper and dividing it up into at least two columns for employees, clients, maybe patients or donors, and so on. Now it’s time to start listing the different kinds of personal information that you store for these different groups. It’s important to note: Anything that can be used to identify a person is considered personal information. That means anything from emails to social security numbers to credit card information should go on this list. While you’re at it, make a note of any data or data storage systems (Cloud Storage, perhaps) that your business could not function without.
2. What’s the Worst that Could Happen?
This step is more than a little morbid, but unfortunately, it’s also more than a little necessary. With your list in front of you, take a second to think about what could happen if that data found its way into the wrong hands or even simply found its way out of your hands.
Here are a few common examples:
A company that stores credit card information gets hacked and loses it all.
A company email gets phished and used to trick employees or clients into wiring money.
Several clients are relying on services, but due to some kind of hack or glitch, a business is not able to get the data needed to deliver on the job.
The company social media account gets hacked and used to send all manner of unprofessional messages.
Not particularly fun to think about, but it’s probably not too difficult to come up with quite a few worst case scenarios.
3. Is It Worth It?
The last question may take a little math, but it’s important. Cyber Liability Insurance does cost money after all, so any smart risk manager would tell you that you need to figure out how much that “worst case scenario” risk would actually cost before you decide to go out and buy insurance for it.
Of all your answers from Question #2, pick the scariest one, and try to figure out all of the costs that your business would have to cover if it actually happened. Try to keep in mind things like missing business income if it would cause you to shut your doors for a period of time or lawsuits that inevitably come with leaked info. If you want more information on how these things usually go, just go to Google and type in “cost of a cyber liability claim.” Studies have shown that, all in, the price tag on the average cyber liability claim comes in well over half a million dollars, but obviously that number can fluctuate wildly depending on your answers from the previous questions.
Once you have a rough answer for question #3, the answer to our larger question should be fairly obvious. If the final number that you came up with doesn’t seem too daunting, then there’s a good chance that cyber liability insurance is not for your company. However, if this was a mostly unpleasant exercise and you don’t feel very comfortable with your answers, then it’s probably time to talk to someone. Here at Whiteboard, our door is always open if you want to start the conversation or get a second opinion on your cyber exposure.