A cyber attack can take many forms, and businesses of all types and sizes are at risk. You may remember one of the worst data breaches on record when in 2017, credit bureau Equifax exposed the personal data and social security numbers of up to 145 million people and cost the company upwards of $700 million in penalties and compensation. That may be an extreme example, but according to a 2018 study by the Insurance Information Institute (I.I.I.) and J.D. Power, one in ten U.S. small businesses (most with fewer than 50 employees), had been affected by a cyber incident, but only 31 percent of them have cyber insurance. The average loss of these breaches was $188,400. Moreover, half of confirmed data breaches target small business and 60% of these fail within six months of the breach.
These types of attacks on small businesses can range in scope and damage; from hacked email accounts, to unauthorized wire transfers and credit card fraud, to personal data breaches and identity theft.
Consider these real-life cyber claim scenarios:
- A residential contractor became the victim of a social engineering attack and wired $35,000 to criminals after receiving fraudulent instructions, believing them to be a vendor.
- An employee of a professional services firm had a laptop stolen during a work conference. The laptop contained sensitive client information. The computer was password protected but information was not encrypted. The incident cost the firm more than $20,000 in forensics and notification expenses.
- A restaurant in Washington was notified of a breach by MasterCard due to a high level of fraud committed on customer credit cards who patronized their business. They were required to immediately undergo a forensic examination, costing $11,646.90. Six months later, MasterCard fined the restaurant $26,242 for Fraud Recovery along with an $8,000 Case Management Fee. Two months after that, Visa assessed a non-compliance fine for $5,000. The restaurant had a total cost of $50,888.90 due to this breach.
Sean Kevelighan, CEO of I.I.I. says “Understanding your business’ risks and taking proper precautions means a small business can spend more time charting its progress than responding to unforeseen emergencies. In particular, the growing threat of cyber intrusion on small businesses is growing rapidly.”
For this reason, NREIG is pleased to partner with AMWins Cyber and North American Data Security Risk Purchasing Group to offer the Enterprise Pro Cyber Liability Program which protects businesses for the cost of an actual or suspected breach that results in the unauthorized release of protected personal identifiable information (PII).
What does cyber insurance cover?
- The cost to respond and recover from a data breach – This includes legal fees and fines or penalties, as well as expenses related to: forensic examination or investigation, data recovery, notification of those affected by a breach, crisis management, and public relations.
- Recovery of funds stolen electronically or through fraudulent instructions
- Ransom payment if your computer(s) is/are encrypted
- Business interruption losses related to expenses or lost revenue resulting from a breached system
Why do you need to consider cyber insurance?
Almost every business stores or collects sensitive data, and is legally responsible for protecting any information collected. As a landlord or property manager, you may manage tenant leases, background checks and collect rent through an online system. If you are a lender, you store personal information about your clients. Flippers may pay contractors through wire transfers. Most certainly, you rely on a computer system or network to conduct day-to-day business using email and web browsing.
These tools and practices are crucial to profitably and efficiently managing your business, but leave you open to a potential breach. Through North American Data Security RPG, you just answer a few simple questions to qualify and enroll immediately. The platform also offers an education risk module and access to a 24/7 breach response team.
Learn more about this Program and enroll here.
This policy is underwritten by AXIS Insurance Company, an A+ rated insurance carrier by AM Best and facilitated through the North American Data Security RPG master policy, a risk purchasing group registered in all 50 states and the District of Columbia. Excluded business classes: (a) Banks, (b) Credit Unions, (c) Payment Processors, (d) Gambling Organizations, (e) Online Adult Industry, (f) Social Media/Networking Firms, (g) Cloud Providers (h) Federal and State government agencies (I) Municipalities (J) Franchise (K) Cryptocurrency (L) Marijuana Dispensary
Note: This piece is not to be construed as contractual. Applicable language specific to your policy supersedes it. Information contained in this post is intended to provide you with a brief overview of the coverages provided for reference purposes only. It is not intended to provide you with all policy exclusions, limitations and conditions.