In a study conducted by Mckinsey & Company, it was shown that 40 percent of sole proprietorships do not carry any type of commercial insurance. As more companies keep digital records on their clients and use technology to complete transactions, insurance needs are expanding beyond traditional property and liability coverage. Businesses are beginning to consider if it's worth having insurance for digital attacks and privacy breaches.
Cyber incidents are now the third-largest global business risk, reported CBS. Canadian insurers are not required to cover losses due to data breaches and what coverage is available can vary based on the language of each policy, according to Mondaq. Insurance catered to privacy breaches may cover legal costs associated with this type of attack as well as business expenses to repair any damage to databases or virtual storage.
Common risks include employees sharing client data via email with unauthorized parties and hackers stealing information like client names, addresses and credit card numbers. Hackers can make a profit by obtaining information from company databases and selling it to identify thieves or scammers.
For digital companies, down time is a huge concern and is often the second phase of a cyber attack. E-commerce sites and apps can experience a massive loss in revenue during a service interruption.
"Clients are looking for large, holistic cyber programs that cover whatever happens from data breach to property damage and business interruption," said Paul Bantick, head of cyber insurance at Beazley in an article on Bloomberg.
Property damage can include malware that's inserted into a system's code and can require hours of work by developers to remove. Occasionally a company will need to roll back a website to a previous version, losing any work recently done by coders.
Avoiding a digital attack is imperative regardless of insurance status. Make sure to educate all employees on proper data handling. Everyone with computer access should be trained on how to identify potential viruses on websites or in emails and what to do if they encounter a potentially infected page or attachment. Each business device with internet access should have updated anti-virus software and standard privacy features like password protection.
In addition, any company providing cyber insurance should be able to help identify risk factors and give you resources for how to prevent future attacks.