Cyber Insurance Is Very Necessary For Small Businesses
Posted by: Chris Wilson, Strategic Risk Advisor
I received a phone call from my daughter recently. She was considerably frustrated about a situation with her debit card. A few weeks prior to our phone conversation she noticed two unidentified purchases posted to her checking account. The bank had notified her that her account number had been stolen and used by someone in another part of the country. She then received a new debit card, notified anyone who was making electronic funds transfers out of her account, and assumed that the problem was solved.
Her frustration the day of our call was due to the fact that the new debit card number she was issued had now been illegally used at a service station outside of the country; as someone attempted to make a withdrawal from her account. Luckily, the bank identified the transaction as a potential credit card fraud before it was processed. Sadly, the service station had to ante up and pay for the illegal charge. It was later found that the theft of the card number either occurred at a convenience store or one of two restaurants.
Currently there is increasing press coverage surrounding cyber crime. More frequently you hear about the large breaches of thousands of records from colleges, hospitals, and even government agencies. Did you know cyber crime is increasingly aimed at small to medium sized businesses who in many cases don’t believe they have much exposure? In a report released by Symantec Corporation published as early as 2008, criminals were selling stolen data for approximately $1.70 each per credit card information, $10-$900 for bank account credentials, and $1-$18 for email accounts. This data can be sold in small lots or in bulk and resold many times. Due to the increasing black market price of this data, this has become a lucrative business for many criminals.
Here are some data breaches which have occurred in the past few years to small and medium sized businesses, many located in Wisconsin:
• 2006-2009 - Debit and credit card information was put at risk because receipts printed at a gas station displayed the expiration date or more than the last five digits of a credit card.
• March 2008 - Hackers used the remote access software of POS systems to steal credit card numbers. Many of the POS systems that were breached were located in restaurants.
• May 2011 - Approximately 90 compromised PIN Pads were discovered throughout the United States at an arts and crafts retail chain.
• January 2013 - Criminals installed malicious software on the POS system of a restaurant chain in the United States to steal debit and credit card information.
Many of these attacks were aimed at small businesses owners who may not have thought they had much of an exposure to cyber crime and, perhaps, didn’t maintain the same safeguards as larger companies, making it easier for criminals to breach their system. In addition to taking steps to protect your computer data, you should consider purchasing cyber liability insurance if you have not already done so.
Here is a sample of what can be included on a cyber liability policy:
• Costs related to repairs to a computer which has been compromised
• Funds transfer fraud
• Fines or expenses relating to the Payment Card Industry (PCI)
• Legal liability for transmission of a virus to a third party
• Loss of Income following a shutdown of the business following a breach
• Liability for content posted on a web site or social media site
• Cyber extortion
• Security breach notification expenses (As of 2013, all but four states mandate notification for any data breaches)
• Public relations expenses
While insurance policies will cover some of the expenses, it is difficult to put a price on the reputational risk to a business following a serious data breach. Your best defense is to continuously monitor your data systems and take the necessary precautions to effectively protect your customer’s information. With the continuous increase in cybercrimes that we’re seeing today, its best practice for all businesses to invest in cyber liability insurance.