Breaches are beginning to become more and more common like any other disaster, and the after-effects of a breach can be long-term. Last year, there were 1,579 data breaches, exposing nearly 179 million records. That represents a 44% increase in the number of cyber breaches and a 389% increase in records exposed. In this blog we’re looking at how your business needs to plan for these incidents like any other workplace safety issue, using plans, policies, and insurance to keep you and your bottom line safe. Let’s start with terminology.
Malicious Outsiders (Intentional)
A malicious breach is any data leak caused by someone outside the company that gets ahold of the private information/data. There are different scenarios where they can be considered an intentional breach.
- Viruses and Malware: Usually left by a hacker or downloaded by an employee without knowledge. These include ransomware, trojans, and other malicious software that captures or locks down data.
- Keyloggers and Card readers: Commonly found in a card reader on a company’s registers or ATM at a bank.
- Phishing: This involves hackers that have knowledge about a company or have access to information to pretend to be an employee to reach funds, data, or both. See also Business ID Theft scams.
- Security Exploits: From servers to networks to individual devices, their hardware and software may be exploited or bypassed by hackers. Update often.
- Physical Viewing: Make sure your vital data or personal information isn’t viewable at the office by visitors, especially public areas like receptionist counters.
Accidental Data Breach (Unintentional)
An accidental loss or accidental data breach is one that wasn’t done on purpose or with no intention of harm when the company unknowingly exposed private information/data to the public.
- Unsecured Servers: Databases that are being shared through clouds and third parties that don’t have the proper security in place to protect data may fall into this sort of breach.
- Data Transmission: This could be sharing a phone call, piece of mail, or email to the wrong person containing confidential information.
- Accidental Deletion: Or the destruction of a file that doesn’t have a secured backup in place.
- Physical Loss: Of a phone, laptop, or even a thumb drive that contains sensitive information.
What is Cyber Insurance?
Cyber insurance is a policy that helps an organization diminish its risk exposure by covering the high costs that are involved with recovery after any type of cyber breaches. Cyber insurance also covers first and third party claims, unlike general liability policies. While there is no one template for cyber insurance policies, the following four are some common expenses that can be covered by cyber insurance.
- Investigation: After a cyber breach, it is necessary for the organization to investigate the breach, how to recover from it, and how to prevent it in the future.
- Monetary Costs: cyber insurance can also cover monetary losses due to network downtime or interruption of business and recovering lost data. It can also cover the company’s cost of repairing reputation damage that occurred because of the cyber breach.
- Privacy and Notification: This includes notifying anyone affected by the breach, including the customers. It also involves credit monitoring for those customers whose information was breached. In many areas, this notification is mandatory by law.
- Law suits and Extortion: A cyber breach can be accompanied by the releasing of confidential information, legal settlements, and fines. Covering extortion can also mean that businesses are protected from a ransom war with the hackers.
Learn more in our blog, The Importance of Cyber Insurance. After that, take the time to contact the TJ Woods Insurance Agency about your current business insurance and how cyber insurance would factor in helping deal with your online risks.
