Data Security and Cyber Insurance: How to Protect Your Business
By Colleen Woods-Esposito
What is data security?
Data security means protecting your digital data from accidental loss or corruption, or from the unwanted actions of unauthorized users via a cyberattack or a data breach.
Protecting your personal data is often straightforward, and can usually be done by backups, installing protective software, password protection, avoiding insecure sites and free WIFI connections, and other precautions. But if you own a business, protecting your data can be more complex. Even with the most sophisticated software and backups, data can still fall prey to malevolent acts and human error. This loss of company data can result in huge financial losses, lost business time, and lawsuit vulnerability.
What are some scenarios that can cause business data breach, loss, or compromise?
Your business data can be compromised in many ways, with thieves becoming savvier as new technologies emerge. There are four major ways data is usually breached: through Malware, Phishing, Man-in-the-Middle attacks, and Ransomware extortion. Some examples of how these are used include:
- An employee clicks on a link in a sales email that installs a virus that in turn corrupts your customer files
- You are forwarded an outside email attachment from a trusted source that unknowingly installs malicious code into your database and steals your customer’s sensitive information
- A vendor is provided sensitive business data through a VPN server that is not secure
- A “key” or “thumb drive” obtained at a conference is installed onto a company laptop that contains malevolent code
- A malicious party installs code that encrypts your data, leaving you unable to access it, and will not remove the encryption until a ransom is paid by your business
- Your credit card processing software gets hacked, leaving the data of your customers vulnerable
Would my company be a target for a malicious data breach or cyber attack?
Any business storing customer data is at risk. If you collect payment methods, email addresses, or physical addresses, you are at risk. If you store Social Security numbers, banking information, or tax information, you are especially at risk, because these data can easily be used in identity theft. And if you store the data of other businesses, you leave them at risk as well.
Does business insurance protect my data?
Your general liability insurance generally excludes any type of coverage for cyber events, but many carriers offer it as an add-on to your current policy. But generally, higher amounts of cyber insurance require you to purchase a separate policy.
What are the different types of cyber Insurance?
There are two major types of cyber insurance: first-party and third-party or liability, each protecting your business under different circumstances.
First-party cybersecurity insurance covers things such as investigating the incident, risk assessment to avoid future incidents, revenue loss due to business interruption, ransomware attack extortion payments (based on your coverage limits), customer notification about the incident, and providing affected customers with credit monitoring or other anti-fraud services. The most common form of first-party cybersecurity coverage is data breach insurance, addressing the most common way that business data is compromised.
Third-party liability insurance protects you if you are sued by a third party as a result of damages from your cybersecurity incident. It generally covers legal fees (such as attorney payments and court proceedings), settlements, court judgments, and regulatory fines for noncompliance.
Can I get help choosing the right coverage for my business?
If you have a business, data security measures and cyber insurance options can often be complex, causing difficulty when business owners must decide which coverage is needed. Esposito Insurance Group offers expert advice to guide you on choosing a plan that fits your business needs. Call or text us to discuss your options.