“My data is not important enough for anyone to want to steal it,” is a common statement for small business owners. But what most people frankly misjudge, is the data does not have to be valuable to a hacker. It only has to be valuable to YOU. Taking no action to secure the network and train the staff on cybersecurity awareness leaves the average small business owner a sitting duck.
And then there’s the small businesses who have a true compliance mandate to protect their data - Any company that handles, maintains or processes Personally Identifiable (Driver’s License Numbers, Social Security Numbers, Dates of Birth, Email Addresses and more) or Protected Health (Account Numbers, Medical Record Numbers, Insurance Beneficiary Numbers and more) Information needs their own Cyber Data Breach Insurance to protect their organization against claims arising out of theft of hardware, lost or stolen laptop or device, a rogue employee and other causes of loss.
The applications are daunting. The decisions between which policy add-ons make sense or don’t apply to your business, can feel like you’re planning for Armageddon – the process is laborious and requires a lot of detail. Because if you just check the boxes “yes” on the IT infrastructure questionnaire, then it turns out (in a breach) the answer should have been NO, chances are high that the policy will not pay out.
Three Things to Be Aware of in the Fine Print
There are several issues you need to be aware of when you buy a cyber security policy, or when you review your existing policy:
- Is a known vulnerability that you have not patched a pre-existing condition? This is pretty critical to pay attention to, as the tolerance for what is considered “patched to the most recent standards” varies from carrier to carrier.
- Should an un-patched system be covered under a clause for errors and omissions? Most likely, it is not.
When an employee falls for a phishing attack which infects the network, or CEO Fraud (paying money to a fake recipient after being tricked in an email interaction) is that covered? Again, most likely not, in the standard policy. These are policy add-ons that need to be purchased, in most circumstances.
"Different policies will respond in different ways on what is covered and what is not," means you need to have your legal and IT department look into this carefully.
We can help you navigate this landscape, secure a new Cyber Liability policy and reduce the premiums, in some cases.