Firms of all sizes are potential targets for cybercrime, including contractors.
Most of you have heard of the recent ransomware hacking attacks against the Colonial Pipeline, CNA Financial Corp., and The Steamship Authority. It seems this problem has outpaced any company’s ability to prevent it. CNA paid a ransom of $40 million, larger than any previously disclosed payment to hackers. The average payment in 2020 was $312,493, according to Palo Alto Networks, a leader in global cybersecurity.
The larger payments make the headlines, but many people don’t realize that smaller firms are actually attacked with surprisingly high frequency. One insurer noted that 43% of data breaches worldwide occurred in businesses with less than 250 employees. Having less sophisticated protection for their systems they are more vulnerable to attack. The hackers look for the weakest links and access points, such as vendor networks like the HVAC contractor through which hackers gained access to the retail giant Target Corporation. Hackers sent a phishing email with a malicious link to the HVAC contractor which had access to Target’s network for billing, contract submission and project management.
Virtually every firm has exposure to computer attacks and viruses that not only cause loss of function and access to networks, but also the loss of sensitive customer and employee data. If you collect personal information such as banking, medical, payment card, social security numbers, driver’s licenses, and other sensitive customer and employee information you are exposed to cyber and privacy liability.
Not only are the number of attacks increasing, but so are the costs associated with the data breaches and other cyber crimes. As cybercrime grows so does the need to be insured to limit that risk, but coverage is not provided by your standard property or general liability policies. A Cyber and Privacy Liability policy is needed.
Though there are many different policy forms, a Cyber and Privacy Liability policy typically has several layers of protection such as:
- Privacy Liability –protects against unauthorized release of Personal Information and corporate confidential information
- Network Security Liability –protects for allegations of inability of an authorized third party to gain access to your system. Failure to prevent unauthorized access or communication that results in corruption. Your failure to prevent sending malicious code from your system to a third party
- Media Content Liability –covers against allegations of defamation, libel, slander, emotional distress, invasion of privacy, copyright & intellectual property infringement (patent excluded) in your media content in electronic (website, social media, etc.) or non-electronic forms.
- Privacy Regulatory Claims Coverage –legal defense and the resulting fines from claims alleging a privacy breach or a violation of a Federal, State, local or foreign privacy regulation.
- Security Breach Response Coverage –reimburses for costs incurred such as hiring a public relations consultant to mitigate damage to your brand. IT forensics, customer notification and 1st Party legal expenses to determine obligations under Privacy Regulations. Credit monitoring expenses for affected customers
- E-Business Interruption –lost earnings and expenses due to security breach that disrupts computer system or ability of an authorized 3rd party to connect and restoration costs to restore or recreate digital assets to their pre-loss state (data loss).
- Cyber Extortion (Ransomware) –expenses and payments to a harmful 3rd party to avert threatened potential damage such as introduction of malicious code, system interruption, data corruption or destruction or dissemination of personal or confidential corporate information.
- Cyber Deception (Social Engineering) –covers loss of insured’s funds when hackers purporting to be clients or coworkers deceive you or your employees via phone or electronic communication into sending money to a fraudulent account.
- Funds Transfer Fraud –hackers gain access to your network and send instruction to the bank (pretending to be you) to wire money to fraudulent accounts, without your knowledge or consent.
Again, policy forms vary. Some of the coverages summarized above may not be available or may be optional depending on the policy form. The terms, conditions, limitations and exclusions of the actual policy would apply.
Please give us a call if you would like a premium indication for this important coverage on a policy that will afford the best value for your specific needs.
DeSanctis Insurance Agency, Inc.