Business owners know insurance is a necessity in the event of an accident or loss. While most of us have insurance to cover us in the case of flood, fire, or theft, many businesses are still not covered for a loss created by a breach or other cyber incident.
In today’s modern business world, the average data breach takes only minutes to execute, months to identify and contain, and can cost millions; businesses need cybersecurity insurance. Such insurance covers incidents resulting from employee identify theft, ransomware, theft of information, and much more. Below are a few reasons you should consider obtaining such coverage for your business along with recommendations by Dox Electronics security experts for insurance companies that offer cyber policies.
Facing the Constant Threat
Businesses are constantly bombarded by digital threats, attacks by cybercriminals and inside actors, and are put at further risk thanks to unassuming employees. According to the 2019 Cost of a Data Breach Report produced by the Ponemon Institute for IBM, the average total cost of a data breach is now $8.19 million with an average of 25,575 records stolen in each attack. That equates to a cost of $242 per lost record. What’s worse, the same report demonstrated that it took businesses 245 days on average to identify and contain a breach.
Additionally, the chance of any business experiencing a data breach within two years was 22.6 percent in 2014 and that increased to 29.6 percent in 2019, according to the Cost of a Data Breach Report. In the span of six years of this study, “the likelihood of experiencing a breach within two years grew by seven percentage points (700 basis points), representing a 31 percent increase in the odds of experiencing a breach within two years. In other words, organizations in the 2019 study were nearly one-third, more likely to experience a breach within two years than they were in 2014.”
Employee Identity Theft
When one of your employees experiences identity theft, it can create serious issues not only for them but for your company as well. Not only does it create personal stress for your employee which can lead to lost productivity, but it can lead to data loss within your business if their company credentials are stolen.
As a result, many companies are now adding the added benefit of identity protection for their employees. This is a smart move since it will alert your employee, who can notify you if their personally identifiable information (PII) has been compromised. This is especially important for employees working in government jobs, manufacturing, finance, and aerospace.
Malicious Theft of Information
According to the aforementioned Ponemon Institute research report, 51 percent of all breaches were committed by cybercriminals using ransomware, malware, or a virus or was caused by a malicious insider.
“Malicious attacks were the costliest, with a per-record cost that was 25 percent higher than breaches caused by human error or system glitches,” according to the report. “Malicious attacks have increased as a share of breaches, up 21 percent between the 2014 and 2019 studies.”
The problem with malicious attacks is that it typically takes substantially longer to identify and contain this type of breach, according to the Ponemon research. The 2019 report shows that it took a combined 314 days for a breach lifecycle to be completed which means the bad guys have plenty of time to steal and keep stealing your valuable data. This extended theft explains why breaches caused by malicious attacks were 27 percent more costly than breaches caused by human error ($4.45 million vs. $3.5 million) or those caused by system flaws ($4.45 million vs. $3.24 million).
Following Insurance Company Guidelines
The great news is that there is insurance coverage to help protect your company from loss caused by malicious attacks, employee error, and system errors. You just have to ensure that you’re adhering to your insurance company’s guidelines.
Most insurance companies that offer such insurance protection require that you have certain cybersecurity controls in place such as continuous system monitoring, email security, and attack tracking for liability purposes. Your company may be asked to undergo a cybersecurity risk assessment before coverage may commence determining if there are holes in your system security. No one is completely resilient so it’s best to know where your risks are, which is where a risk assessment can help.
Dox Electronics offers such cybersecurity risk assessments to help you identify security issues that can lead to a breach as well as how to plug any holes. Dox can also assist and support your business 24-hours-a-day, seven-days-a-week with services and solutions to achieve your insurance company’s guidelines while protecting your company’s valuable data.
The Major Costs of an Attack
There are four parts of a cyberattack that cost your company money. First, there are the costs associated with the detection and escalation of a breach. This may include forensic and investigative activities, assessment and audit services, and crisis team management, among others.
The second cost comes from notifying individuals or clients who had their data compromised in the breach. This cost comes from sending out letters, emails, outbound telephone calls, or general notices about which data or personal information was lost or stolen. Additionally, there are costs associated with communicating with regulators, determining regulatory requirements, and the engagement of outside experts such as attorneys.
Another cost comes from your post-breach response. Processes that you set up to assist your clients, staff, or others whose information was compromised can be quite costly. This might range from credit report monitoring and identity protection services to help desk and legal expenditures among other costs.
Finally, breaches can cost your company lost business. Not only is there a cost to your business in the disruption of regular work but there may be downtime associated with the breach. For example, if ransomware has invaded your system that keeps your employees from working as the system is repaired, that can be an issue. The cost of lost customers and the lack of new clients due to a damaged reputation can lead to financial losses as well.
Coverage for Business Data
Dox has worked with many clients that have been subject to breaches that have led to varying amounts of financial loss as a result. For example, one client that brought Dox on post-breach saw losses of $100,000 per day. In situations like this, cyber insurance, which has become more popular in the last five years, comes in handy. If your company were to experience a breach today, would it be able to recover its money?
Another thing to consider is having the right amount of coverage, especially with breach costs increasing year over year. For example, we know of a client’s customer that experienced a loss of $80,000 by sending a bad wire transfer. While that company did have cyber insurance, it was only covered for up to $10,000. Be sure to talk with your agent to determine what amount of coverage would be best for your organization.
Dox Electronics highly recommends purchasing cyber insurance for your company. While costs vary, such insurance will pay for itself in the event of a breach. Just consider the financial losses associated with lost or stolen client information.
The cyber insurance company Dox recommends is TechRug. Not only does TechRug offer clients one-of-a-kind Cyber Liability Errors & Omissions (E&O) Insurance Policies that can’t be found anywhere else, they are also a top-rated carrier. Their insurance policies help protect your company from lawsuits and claims that may arise as a result of a data breach. Additionally, they offer a proprietary pricing model to aid companies in acquiring affordable coverage.
If you have more questions about cyber insurance, how it may benefit your business, or continuous cybersecurity services for your business, contact Dox now at (585) 473-7766.