I am asked this question almost every week. It is really small business data breach insurance. All the publicity regarding hacked servers in the news media has spooked a lot of people. It seems just about everyone in this day and age uses the internet to promote their business and or products and services. That alone will not require any insurance. But if you are collecting client information and storing it on a PC or server in your office that has a vulnerability issues written all over it.
You might think that most data breaches are caused by hackers or malicious attacks. But more than half of data breaches are caused by system glitches and human error.
- An employee mistakenly sends a batch of personnel files to the wrong email address.
- A credit card company calls to inform you that credit cards used at your business were compromised through your point of sale system.
- While on business travel you lose your cell phone, which has sensitive customer information stored in your email’s Inbox.
Data that is maintained in a cloud environment is somewhat safer. You are relying on that vendor to have the correct security. Once again, this should not be taken for grant it. You should be discussing the software you have or are about to invest in with an internet specialist or your IT professional.
Here are some of issues that you must consider if a breach occurs:
- Breach notification to customers
- Credit card monitoring services
- Costs to retain a public relations consultant to help restore your reputation
- Consulting and forensic fees to identify and resolve the cause of a data breach
- Defense and settlement costs if you are sued for alleged failure to prevent unauthorized access to, or use of, personal information
You can probably get a get an “add on” to your business liability policy that will cover the above actions.
So my answer to the questions regarding a small business needing Cyber Insurance is most likely “yes” if you fit into the above description. If you are having a vendor handle one of these areas for you, I would discuss their plan of action for stopping problems and if a breach does happen what is their response.
It is only going to get more complicated and your business is going to more involved with data type tools and software.