Propel provides innovative insurance solutions to thousands of companies across the country. We make it our business to know your world inside and out.
A new employee arrives early to work, eager to start the day. As he enters the building, he finds, on the ground, a USB drive with the company’s logo. He diligently sends out an email to the office to alert his coworkers of his discovery, but no one responds to claim the lost drive. Still curious, he tries to identify the owner by opening up a few of the files on the drive.
Bad idea. This USB drive was planted in the parking lot by sophisticated hackers who have loaded it with malware. Within minutes the hackers gain access to sensitive information.
What are the hackers looking for? Two things: passwords and sensitive information. With passwords, the hackers can access bank accounts and transfer funds directly to themselves. With sensitive information, they can steal the identities of the company’s customers, employees and vendors. Some hackers aren’t looking for anything at all, but instead want to shut the company down with a “denial of service” attack, or maybe threaten such an attack in order to extort a ransom.
Companies protect themselves from attacks with two standard insurance products: Computer Fraud Insurance and Cyber Liability Insurance.
Computer Fraud Insurance covers the theft money or securities through the use of a computer. This coverage has been available for decades as part of the standard Crime Insurance policy, but many companies have overlooked it and failed to ask for it. In the last few years, it has become a crucial part of a business insurance program. Many banks will not reimburse a business for money lost if the transfer is made with the correct account number and password. Banks’ contracts protect themselves from this responsibility, and courts have backed up this position. Businesses must insure this risk on their own.
Cyber Liability Insurance covers the loss of information regardless of how it might be lost or stolen. The coverage has two parts: First, it covers the liability that follows from the loss, meaning the lawsuits filed by individual victims or from business partners that suffered because of the hacker attack.
Second, cyber liability insurance covers the company’s own costs to notify and monitor the credit of the victims, perform a forensic investigation, and handle the public relations campaign. If there’s an extortion attempt, it covers the ransom.
Key to the value of the Cyber Liability Insurance is access to experts that minimize the time it takes to effectively respond to an attack. The attorneys and consultants on call under the policies have the experience and knowledge to get on top of the situation quickly and effectively. They understand the importance of speed.
These insurance coverages are not expensive relative to other insurance policies. Adding Computer Fraud to a standard Crime Policy likely adds less than 20% to the annual premium. For small companies with access to relatively few sensitive records, $1,000,000 in Cyber Liability coverage is available for under $5,000.
All Companies Are Vulnerable
Good IT departments that keep up with the latest technical protections can prevent some of these attacks, but even the most sophisticated companies have been victims. The most recent high profile attacks involve some of the largest retailers, Target Corporation and Neiman Marcus. But even technology companies such as Apple, Microsoft and Facebook have been the victims of hacker attacks, and one of the largest known attacks was against Sony. Small businesses are just as vulnerable as large ones. Symantec, a leader in global computer security, reports that more than a third of all targeted attacks are aimed at businesses with fewer than 250 employees. More and more, companies of all sizes are recognizing the value of Computer Fraud and Cyber Liability Insurance.