Cyber Insurance for New York City businesses
You don’t have to be a big bank to be a target for cybercrime. If you have data (and who doesn’t?) you’re at risk. And your odds of exposure are increasing. Every day the news tells us of yet another data breach: credit card numbers, health data, social security numbers. You also face cyber exposures beyond the sophisticated hacking incidents in the headlines, including human error and rogue employees. Without cyber insurance, recovering from these incidents can be near-impossible.
What is Cyber Insurance?
There is no singular definition since cyber policies can include everything from identity theft to cyber extortion, data breach, cloud data breach, and credit card fraud. But in general, cyber insurance covers your business for risks relating to information technology infrastructure and activities, and from data breaches involving sensitive customer and employee information such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers, and health records. Insurance companies continue to update policies as new threats emerge and hackers evolve quickly.
Depending on your industry, you may need all of these or only some. HCP can help you examine your risks and help you decide which coverages are right for your business. For instance, Chubb reports the healthcare industry experiences more cyber claims due to human error, while retail businesses experience more claims due to hacking.
Which businesses need Cyber Insurance?
Almost all. If you have an online form fill, conduct credit card transactions, handle medical information, or store customer data digitally, you’re at risk. Many small businesses assume they’re too small to be noticed by cyber predators and don’t need insurance, but the truth is, you’re an inviting target. Cybercriminals are drawn to small businesses since they are less likely to have a strong defense against hackers, and are more likely to store customer information, and conduct business online.
Some industries are inherently more at risk. A recent report of cyber incidence by industry shows:
- Healthcare – 38%
- Professional Services – 16%
- Technology – 12%
- Retail – 11%
- Education – 8 %
- Financial Institutions – 7%
- Travel & Hospitality – 6%
- Public Entity – 2%
Remember, cyber attacks include more than faraway Russian hackers. Claims can be triggered by:
- an employee mistake
- a disgruntled/fired employee
- unauthorized access by a vendor
- a stolen laptop / device
- an unshredded document
- human error
Why do I need cyber insurance?
The short answer: major fines, legal fees, headaches. The costs you can incur in responding to a cyber incident can include legal, forensics, security audit, notification, credit monitoring and PR/crisis response. The forensic exam alone can cost $20,000-$50,000 to determine what was stolen and who was affected. Cyber insurance can help cover those costs, which are not covered by general liability policies.
What’s more, New York state has strict regulations governing how and when you have to notify customers of a breach involving personally identifiable information, adding to your recovery costs.
NYS Information Security Breach and Notification Act:
In addition to notifying customers, persons or businesses conducting business in New York must disclose any breaches of computerized data which includes private information by notifying the offices of the New York Attorney General; the NYS Division of State Police; and the Department of State’s Division of Consumer Protection.
And even though most states don’t require companies to offer free credit monitoring following a breach, the offer goes a long way for customer relations. If you’re breached, chances are customers will opt out of doing business with you if you mishandle this situation and new customers will be wary.
Lastly, a data breach can damage more than just your systems, it can damage your brand and your reputation while putting your customers and/or employees at risk. Bottom line: cyber insurance is a smart precaution for any size business.