Cybercrime is real and it's only a question of time before your business feels its effect. Any business that accepts credit card payments, utilizes social networking, has a web site, stores personal information on its employees, conducts business on the internet or is using technology to conduct and advance their business is at risk. This risk can be significant and is most likely uninsured.
In an article published by Rueters news service on March 24, 2010, Inside a Global Cybercrime Ring, they tell the story of Innovative Marketing Ukraine. This company employed hundreds of computer geeks, most of them putting themselves through college, crammed into three floors of an office building churning out code at a frenzied pace. They were creating some of the world’s most pernicious and profitable computer viruses. In a rare victory in the battle against cybercrime, the company closed down last year after the US Federal Trade Commission filed a lawsuit seeking its disbandment in US federal court. However, it is estimated that in 2008 Innovative Marketing had revenues of $180 million selling programs in two dozen countries.
Being a victim of a security breach will take most businesses by surprise. In fact, most small to medium size businesses convince themselves that they will fall under the radar of cyber criminals. The reality is that most are at a greater risk since they usually lack the resources and finances to implement and maintain adequate security measures. They are also frequently lax when it comes to enforcing security protocols within their organization. Having a disaster plan to respond to a breach is rare but may be one of the most important policies for a business to have readily available.
Responding to a security breach can be expensive and may, in fact, drive some businesses to the brink of bankruptcy. Unbudgeted and unforeseen expenses will include the forensic expense to determine the cause and scope of the breach, notification expenses, credit monitoring, call centers, identity restoration and public relations.
Do not expect traditional property and liability policies to respond to cyber losses either to your business or to your customers. Losses of this type were not anticipated at the time these policies were drafted and therefore are not covered under either the definition of property or cause of loss. Many insurers are specifically excluding cyber losses so that it is clear that the insurance company will not respond to these claims.
Here are 5 tips you could do for your business right now to reduce your risk of being a victim of cybercrime:
- Develop a security policy and communicate/educate users on your security policy
- Implement sound password and encryption
- Utilize security software and conduct penetration tests
- Develop a network breach disaster plan
- Ensure that you have the proper insurance coverage to protect you in case of a security breech
As part of a risk evaluation at R&R insurance we will work with your organization to assess your risk and design an insurance program to address the exposures of your business operations. The insurance industry has approximately 200 different policy forms available to protect businesses. It is important to understand your risk and how your insurance carrier will respond on your behalf when cyber criminals strike. Contact a knowledgebroker today!
