Having valuable client information stolen is so pervasive that cyber liability insurance is now as important for small businesses as property and liability insurance, according to E.G. Bowman Co., a minority-owned independent insurance brokerage in New York City.
“A data breach can damage a small business far more than a big business, because there are fewer resources and employees to handle the fallout,” says Elizabeth Sullivan, vice president of E.G. Bowman. “It can put you out of business.”
Any firm that has a website, uses social media, or stores customers’ personal records in its computers is vulnerable to a cyberattack. “If your business has a computer, you probably need cyber insurance,” Sullivan adds. Founded in 1953, New York-based E.G. Bowman offers all types of commercial and personal insurance.
Like other types of business insurance, cyber insurance pays for a lawyer to defend the business in a lawsuit and money to cover losses. But it does much more, such as—
- Handling customer calls. If customer information is hacked, the business might get hit with a deluge of phone calls that would tie up the staff for weeks. Many insurers provide a dedicated call center so that customers can call there instead to have their problem resolved.
- “Meeting regulatory and compliance issues and performing identity restoration after a breach could tie up a business for weeks,” Sullivan says. “That job can be transferred to the insurance company via your policy.”
- Social media liability. A hot-headed employee might slander someone on Facebook or Twitter. Libel and slander on social media isn’t covered by most standard business policies. Cyber insurance generally does.
- Data recovery. A virus could destroy the business’s software and data and infect customers’ computers. The policy pays for the cost of restoring the computers or buying new ones.
- Crisis management. Cyber policies usually provide money to hire a public relations firm to help protect the firm’s reputation during a crisis.
- System monitoring. At least one insurer provides a free monitoring application with its policy. The app monitors the customer’s computer system 24/7 and sounds an alert when a breach occurs.
- Paper files. Most cyber policies cover electronic and physical records. For instance, if the business has a printed list of clients’ Social Security numbers and the list is stolen, the policy would cover the costs of notifying customers since criminals could use the information to steal identities online.
Before 2014, Sullivan notes, clients resisted the idea of buying cyber coverage because they thought it couldn’t happen to them. But after massive data thefts at Home Depot, Target, and other large retailers, business owners started to realize they needed cyber coverage.
The best place to start shopping for it is the business’s current insurance company. “This gives you a little more leverage to negotiate a multipolicy discount,” she explains. “But if your current carrier or broker doesn’t seem to be doing the job, shop around.”
Small businesses usually have modest profit margins, and it’s difficult for them to spend more on insurance. “But cyber criminals are relentless and smart. Sooner or later, almost every small business is going to face some kind of breach or attack,” says Sullivan.
The cost of cyber insurance varies greatly by the size and type of business. It can raise the cost of the business’s property/casualty coverage up to about 20%, but it is usually less.
Source: E.G. Bownam. A version of this story appeared on insurancenewsnet.com