Business Is Changing
The line between a technology company and just a plain old company is getting grayer and grayer.
Almost every business relies on some sort of technology. Whether it’s an insurance agency with an enterprise-wide agency management system, a doctor’s office with a patient management system, or a distributor with an order tracking system, they all “log in” every day to perform basic business activities.
What happens when this “business as usual” activity is interrupted by a hacker, “bad actor”, or “cyber” criminal? We’ve all seen the headlines: Equifax, the city of Baltimore, Target, Under Armour. The list goes on.
We think, “data breaches are only for huge, publicly traded companies”, or “I don’t take credit cards”, or “my business isn’t in healthcare or finance, so no one wants to steal my data” … “so I’m not worried about a data breach.”
IT service companies provide great advice, technology, and services to put in place strong passwords, multi-factor authentication, employee cyber security training, and backup plans. However, even with the best data security tools and protocols, an employee may click on a phishing e-mail, opening up your system to hackers. Worse yet, a new financial controller could wire funds to a vendor requesting payment when the funds aren’t really going to the vendor; they’re going to a bank account overseas.
Unfortunately, the more successful your company, the more it attracts the attention of dishonest people, whether employees, vendors, or outsiders. There are two main problems with responding to a data breach if and when one happens: 1) Who do you call? and 2) How do you pay for it?
Where Do You Turn?
Say your house floods. You know you need to call a restoration company to remove the water, throw out damaged property, dry out the space, perform mold removal work, and replace drywall. Most of us are familiar with how to find the right contractors.
But what happens if your company has a data breach and no one can send invoices, check e-mail, or “log in”? You’re dead in the water. Who do you call?
First, you need an EXPENSIVE data forensics specialist to figure out what happened. They tell you how the system was hacked and what was taken. Think about your lawyer’s hourly rate, now double it.
You also need to notify those impacted, such as patients, customers, and vendors, likely through a notification service provider. In addition to notifying them, you also have to offer credit monitoring to those affected. Additionally, data breach legal services are needed to mitigate any lawsuits from regulators or customers.
At the same time, if the local news channel catches wind of your breach, you may need a Public Relations firm to smooth things over with the public, protect your reputation, and avoid losing your customers.
So What Can You Do?
If you could push the bill for all of these data breach service providers onto someone else’s lap, why wouldn’t you? That’s exactly what cyber insurance is. When you purchase cyber insurance, you are pre-purchasing two items:
- Pre-Breach Services
- Post-Breach Services
Many insurance companies offer pre-breach cyber security portals that have loads of useful resources and tools for insureds.
Some common items may be:
- A way to gauge the likelihood and severity of a breach for companies similar to yours in size and industry
- Phishing training to enhance employees’ cyber security awareness and prevent them from clicking on harmful links
- Data breach response planning tools, so you’re prepared in the event of a breach
- A few hours of pre-breach consulting from an expert data breach coach to wrap it all together
Insurance companies also respond when a breach happens. You submit a claim just like when you have a car accident. A data breach coach is assigned to your claim, and they coordinate all the post-breach service providers like PR firms, legal firms, forensics specialists, credit monitoring companies, and notification service providers. All of this work is to get your business back up and running ASAP.
If you would like to learn more about cyber insurance, why you need it, what it covers, what it costs, and the data behind it, listen to Keller Stonebraker’s Senior Proactive Risk Executive Brian Mahon as he hosts a free one-hour webinar March 11th here:
or contact Brian by phone at 301-302-8247 or by email at Brian@ksiinc.com.