Cyber Security and Liability

Over the last ten years, the world has undergone a significant change. The advent of the Internet and the World Wide Web has implemented a new age; the age of information. Anything you might ever want to know is at the tips of your fingers, including personal information.Cyber security has been a hot topic for virtually any organization, no matter how large or small. The state of South Carolina suffered a considerable cyber breach in October of 2012 in which 3.6 million social security numbersand 387,000 credit and debit card numbers were compromised. Due to the breach, South Carolina was forced to pay out more than $20 million(a number that is still increasing) and provide a free credit monitoring system for all those affected.

The incident sparked conversation around the country as states began examining how they could protect themselves from such a breach and how they could alleviate the financial blow-back. Oregon’s Chief Information Security Officer Theresa Masse has been a leading voice in the conversation, advocating for the purchase of cyber insurance. She argues that most states are self-insured, and as such, have a limited pool of money to draw on. Masse’s belief is that states should be at least partially insured through certain high risk payout aspects like credit monitoring.Standard business liability insurance policies generally classify trade secrets and other types of intellectual property as “intangible” and as such, the property is rarely covered if stolen. Cyber-liability insurancehowever covers the costs incurred by the loss of intellectual property or trade secrets (first party claims) as well as covers the damages a company must pay if a customer sues for lost or compromised information (third party claims). Some cyber policies will even pay for the costs associated with breaches caused by employees including notifying all those affected and handling forensic and legal costs.You may reason that these sorts of cyber breaches only occur in the larger companies, who have more information to be accessed, and so criminals have more to gain by targeting them. Unfortunately for small businesses everywhere, this assumption is incorrect. Nearly half of the 621 data-breachesrecorded by Verizon in 2012 occurred at companies with less than 1000 employees and 193 of these occurred at businesses with less than 100 workers.So, how can you protect yourself and your business? First and foremost, utilizing a risk manager and investing in the security infrastructure of your business will work to prevent the severity and frequency of cyber attacks. Purchasing insurance is one of the more costly ways to mitigate risk but it is a necessary step, particularly for small businesses in which the consequences of a breach can be crippling.Article prepared with reference to:Business Insurance Magazine- May 20, 2013. “States Take on Cyber Security”