Cyber Insurance – What it is and Why You Need it

NOTE: Writing for insurance is a totally different experience than writing for news. Every term has an exact meaning, and every sentence needs a thorough examination to ensure (heh) you’re saying only what you intend to say, leaving no ambiguity or wiggle room for readers. I was able to combine my technical knowledge with a significant amount of assistance and coaching from my Insurance Agent boss to put together an article that explains a complex threat and provides an easy-to-understand solution to the problem.

On May 12, the WannaCry ransomware attack digitally assaulted over 200,000 Windows computers by encrypting users’ files and demanded up to $600 in Bitcoin to provide the passwords to the encrypted files. Though the main attack has been stymied, the WannaCry program is still lurking and can still attack systems that are not up-to-date with Windows.

Did most of that paragraph sound like gibberish to you? You’re not alone. Concepts like ransomware, Bitcoin, and cyber-attacks can seem alien and something that only happens to other people. However, the threat of a virus or ransomware program that can derail your business is one not to be taken lightly.

Let’s cover some of the more relevant techno-terms, and then look at how you as a small business owner can protect your business from the possibility of similar cyber crimes.

What is Ransomware and Cryptocurrency?

“Ransomware” is a type of malicious (bad) software that hijacks files on your computer by encrypting them. “Encryption,” in this case, is about as accurate as it sounds – the program places a password on your files, making them inaccessible without the password. You can encrypt files yourself and keep strangers from opening your files, but in that case, you will (hopefully) have the password written down somewhere!

Ransomware encryption passwords are virtually impossible to crack, and ransomware programs threaten to delete their passwords and leave the files unrecoverable if they do not receive payment within a certain time frame. Victims have little choice but to pay the ransom the program demands and hope that the cyber crooks on the other end will provide the password.

Malicious software developers will demand ransom payments in Bitcoin, a “cryptocurrency” that is impossible to trace back to the people making the demands. Bitcoins can be exchanged for “real” currencies like Dollars or Euros.

How Can Cyber Insurance Protect Me?

Insurance carriers have begun rolling out cyber insurance policies meant to protect businesses and individuals from the repercussions of such attacks, and you’re much more likely to be a victim of a cyber-attack than a fire or flood. Cyber-attacks aren’t just ransomware, but also include identity theft and data breaches.

IBM reports that in 2016, hackers and other cyber crooks leaked 4 billion records online, more than the last two years’ totals combined. IBM’s cyber security clients experienced 54 million security events in 2016, averaging around 93 incidents per client. In 2015, the average client suffered approximately 178 security incidents.

What, exactly, does cyber insurance cover? Cyber insurance can cover tangible and intangible property like servers, customer names, social security numbers, credit card numbers, health information, and even threats posed by viruses.

Cyber coverage also comes with first party and third liability coverages. First party coverages cover claims you make against your own insurance for loss of income due to cyber events, while third party coverages protects your customers’ information and is where a customer or business would file a claim against you in case of a cyber event.

What Does Cyber Insurance Cover?

Most Cyber Insurance policies include five major coverages:

1.       Data Loss Expenses: This coverage allows you to immediately and effectively respond to a breach of your data. Covered expense/services include:

·         The cost to set up and administer affected individuals with credit monitoring.

·         The cost to notify those whose information was lost.

·         The cost to replace the data that was lost.

·         The cost of extortion payments in the event that someone is holding your data to collect a reward for its return.

2.       Personal Identity Recovery Expenses: This covers the cost to restore control over your own identity caused from a data breach. This includes the cost to notify affected individuals, set up credit monitoring and fraud alerts.

3.       Business Income and Extra Expenses: Business Income and Extra Expense covers your loss of income due to:

·         Network interruption.

·         Key person’ inability to access the network.

·         Expenses incurred to minimize the network interruption.

4.       Computer and Funds Transfer Fraud: Computer Fraud covers the unauthorized use of a computer for the theft of money or property. Funds Transfer Fraud covers the loss of money and securities in the insured’s own account.

5.       Telecommunications Theft Expense: Provides coverage for charges incurred in the event that someone has fraudulently gained access to the insured’s outgoing long distance telephone services.

A few examples of how Cyber Insurance will apply:

1.       A pizza restaurant offers the ability to order over the phone and via a web site. On a busy Sunday, their website is beset with a Denial of Service attack and their phone lines are jammed by a computer repeatedly dialing their numbers. A local competitor hired an online hacker service to perform the attacks for $400 and cause the target restaurant to lose sales on the important day.

2.       As a restaurant owner, you have many vendors in your business every day. It was discovered that an employee of your after-hours cleaning crew has accessed your computer and changed the bank routing number for the next week’s deposits to their own account.

3.       A business owner receives their phone bill and are shocked to see it has increased more than $10,000 the past month. When the telephone company sends out an engineer to check settings, they find that someone has gained access and piggybacked a line onto the system and has been using that line for long distance calls.

How Much Does Cyber Insurance Cost?

 Cyber Liability Insurance policy limits for small businesses start at $50,000 and can reach $20 million, with higher excess limits available. Policy minimum premiums start at $250 to $2,000. D. Ward Insurance, as an independent agent, can provide quotes from several different A-rated carriers and provide you with the exact limits and premiums your business needs to protect itself in the new digital age.