Mark Pribish

Cyber Insurance Can Reduce Your Small Business Cyber Security & Data Breach Risk

By Mark Pribish
Vice President and ID Theft Practice Leader

On July 26, 2017 the House Committee on Small Business held a hearing on Small Business Cybersecurity Insurance (read full article here).

During the hearing, it was noted that while small businesses rely on information technology more than ever - information technology has significantly increased opportunities for ID theft criminals and cyber attackers.

According to Robert Luft, a member of the National Small Business Association (NSBA) Leadership Council, "42 percent of small businesses surveyed by the NSBA reported being a victim of a cyber-attack, with cyber-attacks costing an average $32,021 for companies whose business banking accounts were hacked, and $7,115 on average for small businesses overall."

The committee hearing evaluated how cyber liability insurance can help small businesses recover from a data breach event and the challenges small businesses face in selecting a cyber liability insurance policy.

Interestingly enough, a May 31, 2017 Insurance Journal Magazine (read full article here) reported that "a full 50 percent of U.S. firms do not have cyber risk insurance and 27 percent of U.S. executives say their firms have no plans to take out cyber insurance, even though 61 percent of them expect cyber breaches to increase in the next year."

At first glance, I believe many companies do not consider cyber liability insurance as a "must-have" type of insurance, such as general liability or property insurance.

In fact, many of the small business owners and small business executives that I have presented to at recent cyber security conferences have told me that their potential cyber exposures are minimal and they believe cyber liability insurance is too expensive.

However, through July 25 of this year, the Identity Theft Resource Center (ITRC) reported that there have been over 850 data breach events, up nearly 30 percent from one year ago (read full article here) and that more than 16 million records have been exposed since the beginning of the year.

How your organization, regardless of size, efficiently and compliantly manages a breach incident response can be the difference between being the next headline news story or going out of business.

As business owners and executives look for new ways to protect their business risks and brand, cyber liability insurance is receiving more consideration as a way to help manage and respond to these risks. This is true regardless of how a data breach occurs, including outside hackers, employees, or vendor relationships ranging from malicious intent to accidental release of information.

The use of cyber insurance communicates to clients, prospects and vendors that your business is serious about managing a data breach event and your commitment to protecting customer and employee information.

Here are three tips to consider when reviewing the option of adding a cyber liability insurance policy:

Work with an insurance broker who understands cyber liability insurance. An insurance broker who understands cyber liability insurance can help educate your business on the different types of cyber insurance policies and validate the need for a cyber insurance policy. A broker can also help you understand business interruption, legal liability, costs to investigate a data breach, notification to victims and defend/settle class-action lawsuits, including regulatory enforcement actions and fines.

Data breach assessment. Your business needs to evaluate its overall risk of experiencing a data breach and the type data you collect, store and transmit. Here are some questions to ask when considering cyber insurance: What type of industry are you in? What is the type and volume of data that your company collects, uses, stores, and transfers? What is the prominence of your brand? Are your technology and information security and governance best practices up to date? Are mobile devices an integral part of your business? What are the total number of vendors and third-party contractors with access to your company's sensitive data?

Learn about cyber liability policy exclusions and endorsements. Not all cyber insurance policies are created equal. Ask about retroactive coverage for "prior, unknown data breaches." Ask about coverage that includes "loss of data" versus only "theft of data." If your business acts as a vendor or third party contractor for other businesses, ask about your cyber coverage that includes liability to cover your business clients.

The reality is, the challenges of a data breach event can include navigating a complex patchwork of federal and state breach notification laws, and most small businesses lack the financial and human capital to respond.

Cyber insurance can support your risk-management objectives, but it can also be a competitive advantage in differentiating your business from the competition.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert: Don't Fall for Lower Energy Bills Con

It's the middle of summer, and much of the US and Canada is running their air conditioners to beat the heat. But these cooler homes translate into higher electricity bills. Scammers use this opportunity to tempt consumers with the promise of lower energy payments. Don't fall for this con.

How the Scam Works:

You get a call from someone claiming to represent a local energy company or government agency. This "representative" says that they are part of a program to help homeowners lower their energy bills. The details vary; this "program" may involve registering for tax credits, enrolling in an alternative energy program, or signing up with a competitive energy supplier.

Be sure to do your homework before accidentally falling for a scam! In some cases, con artists want to enroll you in a non-existent program or sign up for tax credits, which requires you sharing personal information, such as your Social Security or Social Insurance number. This opens you up to the risk of identify theft. In other versions, the "program" involves paying upfront for future energy savings that never materialize.

Tips to avoid an energy bill scam:

Here are some tips for spotting scams that claim to help you lower your energy bills:

  • Verify the program before enrolling. Before you sign up, confirm that you are dealing with a representative of a real program. Call your energy company or government agency using the number on their website or your energy bill.
  • Understand your energy options: Some municipalities in the US and Canada now allow "competitive energy suppliers," (List of US state laws) alternatives to traditional utility companies that may be able to offer a better rate on your energy bills. But like any opportunity, be sure you understand the terms of the new contract and how it differs from your existing one.
  • Check out BBB Tips: Many scams use similar techniques, see bbb.org/utilityscam/ and bbb.org/grantscam/ for more advice.

For More Information:

The American Collation of Competitive Energy Suppliers provides resources for consumers to evaluate competing energy company offers.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scamstopper). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker). To learn more about scams, go to BBB Scam Timps (bbb.org/scamtips).

If you believe your identity has been stolen, call 866.SMART68 today.