If you’re in business,you’re a target.

What is Cyber Insurance?

There is no singular definition since cyber policies can include everything from identity theft to cyber extortion, data breach, cloud data breach, and credit card fraud. But in general, cyber insurance covers your business for risks relating to information technology infrastructure and activities, and from data breaches involving sensitive customer and employee information such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers, and health records. Insurance companies continue to update policies as new threats emerge and hackers evolve quickly.

Depending on your industry, you may need all of these or only some. HCP can help you examine your risks and help you decide which coverages are right for your business. For instance, Chubb reports the healthcare industry experiences more cyber claims due to human error, while retail businesses experience more claims due to hacking.

Which businesses need Cyber Insurance?

Almost all. If you have an online form fill, conduct credit card transactions, handle medical information, or store customer data digitally, you’re at risk. Many small businesses assume they’re too small to be noticed by cyber predators and don’t need insurance, but the truth is, you’re an inviting target. Cybercriminals are drawn to small businesses since they are less likely to have a strong defense against hackers, and are more likely to store customer information, and conduct business online.

The number of attacks on small companies with fewer than 250 employees rose from 43% in 2015 to 58% in 2020.

Some industries are inherently more at risk. A recent report of cyber incidence by industry shows:

Healthcare – 38%

Professional Services – 16%

Technology – 12%

Retail – 11%

Education – 8 %

Financial Institutions – 7%

Travel & Hospitality – 6%

Public Entity – 2%

Remember, cyber attacks include more than faraway Russian hackers. Claims can be triggered by:

an employee mistake

a disgruntled/fired employee

unauthorized access by a vendor

a stolen laptop / device

an unshredded document

human error

Why do I need cyber insurance?

The short answer: major fines, legal fees, headaches. The costs you can incur in responding to a cyber incident can include legal, forensics, security audit, notification, credit monitoring and PR/crisis response. The forensic exam alone can cost $20,000-$50,000 to determine what was stolen and who was affected. Cyber insurance can help cover those costs, which are not covered by general liability policies.

What’s more, New York state has strict regulations governing how and when you have to notify customers of a breach involving personally identifiable information, adding to your recovery costs.

NYS Information Security Breach and Notification Act:
In addition to notifying customers, persons or businesses conducting business in New York must disclose any breaches of computerized data which includes private information by notifying the offices of the New York Attorney General; the NYS Division of State Police; and the Department of State’s Division of Consumer Protection.
https://its.ny.gov/breach-notification

And even though most states don’t require companies to offer free credit monitoring following a breach, the offer goes a long way for customer relations. If you’re breached, chances are customers will opt out of doing business with you if you mishandle this situation and new customers will be wary.

Lastly, a data breach can damage more than just your systems, it can damage your brand and your reputation while putting your customers and/or employees at risk. Bottom line: cyber insurance is a smart precaution for any size business.

What are the most common examples of cyber claims?

Chubb and AIG report that ransomware is one of the most common threats plaguing businesses and consumers, with indiscriminate campaigns locking up your servers. And attackers are demanding more and more from victims: average ransom demands increased from US$294 in 2015 to US$1,077 in 2016.

Trojan horse malware, viruses, phishing attacks…the list of possibilities is long, but here are a few common scenarios to get you thinking:

Extortion – You run a U.S. based information technology company and contract with an overseas software vendor. The vendor leaves administrator defaults on your server and exploits the vulnerability, demanding an extortion payment and threatening to post records of millions of registered users for all to see.
Data theft – An employee hears rumors she may be terminated. Before you can fire her, she steals names, addresses, social security numbers and other personal information from customer files, then sells the information to identity hackers.
Hacking – A curious teenager hacks into your servers and steals bank account data from customer files, then sells the information to an internet website which uses it to create false identities.
Fraud – Your manufacturing business receives an email request to pay for raw materials that appears to be legitimate (but it isn’t) and your A/P department transfers $400,000 to them. (The FBI reports thieves had stolen $215 million over a 14-month period using this exact scam.)
Failure to safeguard data – You’re a psychiatrist and your assistant mistakenly throws duplicate records into recycling rather than shredding, exposing medication information of all your patients to a dumpster diver, breaching HIPPA regs and resulting in fines.

Cyber Insurance Quick Facts

These policies can be standalone or an add-on to a BOP, depending on your business.

What does cyber insurance cover?

This can be a far-ranging list, however there are two main categories: first-party and third-party. First-party covers expenses when your network is hacked or your data is stolen. Third-party protects you when a customer or partner sues you for allowing a data breach to happen (either because of something you did or failed to do).

Based on your industry, HCP can help you guide you toward the provisions you should be most concerned about. Generally, cyber insurance can help with:

Fines and penalties
Legal fees and expenses
Notifying customers about a data breach
Restoring personal identities and credit histories of affected customers
Recovering compromised data
Repairing damaged computer systems
Forensic investigation to assess the impact of an attack and stop it.
Business interruption to cover lost income and related costs if you are unable to conduct business due to a cyber event or data loss.
Extortion coverage to investigate threats against your systems and for payments to extortionists who threaten to disclose sensitive information.
Reputation insurance against reputation attacks and cyber defamation.
Data compromise protection which includes credit monitoring and services provided by a public-relations firm.
Third-party coverage for defense and liability settlements you’re obligated to pay after a breach; and electronic media liability for infringement of copyright, domain name, trade name, service mark, or slogan on an intranet or internet site.

What it doesn’t cover

Technology Errors and Omissions, a type of policy designed to cover providers of technology services or products such as data storage companies, website designers, and software manufacturers.

AIG claims experience data shows the top 3 security failures are: 1) external servers with remote access & weak passwords. 2) users clicking on phishing emails. 3) weak log-in protocols.

What other coverages might I need?

Property – no matter if you rent, lease or own your own building
General liability – to cover property damage or bodily injury to others
Professional liability (E&O) – If you offer professional services or regularly give advice to clients.
Workers’ comp – if you have employees
Employment Practices Liability – if you have even one employee
Auto policy – if you have company cars or use your own car for business

Depending on your business, you might need all or none of these. Don’t worry, we’ll examine your risks, see which coverages you really need and offer recommendations to protect your business. Plus, we’ll customize the size of your policy to the size of your business, then review your coverage every year to make sure we keep up with your growth. Anything less and we wouldn’t be doing our job.

In 2019, New York ranked fifth in the top states by number of cyber crime victims, and fifth in number of identity theft complaints.

Why should I choose HCP?

We’re entrepreneurs too and we’ll protect your interests as if they were our own. Honig Conte Porrino has worked with IT risks of all types and we understand the challenges you must overcome to succeed. (We should, HCP has been doing this for more than 100 years!) Whether you’re a retail shop, medical office, or online entity, HCP has the expertise to help you every step of the way.

We’ll pair you with an agent who specializes in your business and can coach you on how to protect against the risks you face. In addition, many of our employees have worked with us 15, even 25 years, and make their career here. You get to work with the same person year in, year out. No need to initiate someone new to how your company works.

Over the past decade, HALF of all cyber insurance claims came from two sources: hacks and human error.

If you’re in business,
you’re a target.

Cyber Insurance for New York City businesses