Cyber Insurance 101: How to Protect Yourself and Your Clients
By Chrissy Kretchmar, Senior Commercial Account Manager
As more employees work from home, they become more susceptible to cybercrime.
It’s crucial for individuals and companies to protect sensitive digital information. Vigilance is an important safeguard against a cyberattack.
Most of us have taken a course or two on how to protect data, but what happens when that is not enough? The good news is that you can protect yourself and your client by securing a standalone cyber liability policy. In this article we will discuss what a cyber policy is, why you need one, and how to get a policy.
A cyber liability policy is a standalone policy that protects you and your company in the event of a data breach. This means you are protected if confidential information is compromised and could be used as ransom or to commit identity theft.
Once a company has been breached, it’s a race against the clock to mitigate the damage and it can be costly. This is where the cyber policy comes into play. Some coverages may be subject to a deductible, but they can prove valuable in recovering some of the financial loss from an attack. Not only do most policies offer coverage for legal fees and expenses, they may also cover costs of:
- Notifying customers of the data breach
- Restoring personal identity of those clients affected
- Recovering compromised data
- Repairing damaged systems
However, what happens if there is a breach and you don’t realize it until much later? Many cyber policies are “claims-made” policies. That means that even if you had no knowledge of a breach when it occurred, there may still be coverage once the issue has been discovered. Cybercrime can be an expensive loss, not only for your bottom line, but also for your reputation. You want your clients to trust that you are taking the precautions necessary to secure their personal data.
Agencies are a prime target for cyber scams because they are typically smaller companies without sophisticated software that can help prevent an attack. As an agent, you are entrusted with substantial client information, such as Social Security numbers, credit card numbers, bank accounts and email addresses.
Due to the increase of personally identifiable information (PII), the federal government has established State Compliance Offices to ensure that an agent’s office has systems to protect this information. If an agency is not adhering to regulations, it can face large fines.
Payment Card Industry (PCI) also issues fines and penalties if an agency or firm is found to be non-compliant with their standards at the time of a breach. Most errors and omissions or professional liability policies do not include coverage for this type of loss.
Cyberattacks can shut down, disable or corrupt a computer system. A policy may include “business interruption” while these systems are being restored. An important coverage that cyber may include is liability to the clients in the event of a third-party vendor breach. There may be coverage for the breach regardless of where it originated.
Two claim scenarios illustrate what can happen in a cyberattack:
- When a popular platform providing tax and accounting software was hit with a malware attack, it caused massive business interruption for the top 100 accounting firms in the U.S. and many others. The firm had to disable its communication channels to stop the virus from spreading, causing even further panic. Ultimately it provided a big wake-up call for many. CNBC.com
- Apex Human Capital Management was the victim of ransomware in early 2019, completely shutting down services for hundreds of small and mid-size businesses that use their software. In the end, Apex decided to pay the ransom to have their systems brought back online. Krebs on Security
WRC Agency offers a selection of policies with various carriers that provide cybercrime protection. In many cases, the underwriters only need a few pieces of information to produce an accurate and competitive quote.
Sometimes this policy can be packaged with other coverages, such as professional and general liability. WRC Agency offers many options for coverage that will satisfy PII and PCI compliance regulations. Reach out to your new and existing clients to let them know about these coverages.