When you think about what usually causes a business interruption, natural disasters such as fires, earthquakes and floods probably come to mind first. These events can physically damage your property and equipment, making your workspace unusable for a time. The damages from Hurricane Katrina and Superstorm Sandy are great examples of how a natural disaster can put a halt to a business’s day-to-day operations. Many of those affected businesses remain closed to this day.
While natural disasters are still the main reason for an interruption, another cause is quickly moving up the ranks: cyber attacks. As businesses continue to rely on computers and digital storage of essential data, cyber-attacks will continue to be a potential exposure. Read on to learn how a cyber attack could lead to a business interruption and what you can do to mitigate the risk.
How can a cyber attack cause a business interruption?
Hackers, thieves and other unauthorized individuals have become adept at exploiting weaknesses in a business’s computer system, whether through traditional hacking methods or social engineering. There are several types of attacks that could completely cripple your ability to perform normal business activities, including:
- Malicious code that renders your website unusable
- Distributed denial of service (DDoS) attacks that make your website inaccessible to employees and customers alike
- Viruses, worms or other code that deletes critical information on a business’s hard drives and other hardware
It is quite easy to see how any of these events might leave your company scrambling to do business.
Unfortunately, many smaller businesses don’t have the manpower available to detect the problem and work on fixing it, which only increases the length of an interruption.
Third-party interruptions can have a major effect on your business
You can still be affected even if it isn’t your business that experiences a cyber attack. Imagine what would happen if one of your vendors suffered an attack, resulting in a complete shutdown of its warehouse or website. Unfortunately, attacks on third parties are often out of your control. Such an event could have a profound effect on how much business you are able to do, and that would trickle down to your customers, who may rely on your products or services.
Ways to prevent a cyber attack from causing a business interruption
A common saying in the cybersecurity world is, “It’s not if you’ll be a victim of a data breach, but when.” While 100% protection is impossible, you can help lower your chance of business interruption due to a cyber-attack by following these tips:
- Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their functions, the data they store and process and their importance to the organization.
- Make sure all firewalls and routers are secure and kept up to date.
- Implement a cybersecurity policy that educates employees about the dangers of computer intrusions and how to prevent them. Bates Hewett & Floyd can help you draft a cybersecurity policy specifically tailored to your company.
- Download and install software updates for your operating systems and applications as they become available.
- Implement a strict password policy and have employees change system passwords every 90 days.
- Limit employee access to company data and information, and limit authority to install software.
- Make sure you are covered by a cyber liability insurance policy.
How can cyber liability coverage help?
Most traditional commercial general liability (CGL) policies will not cover business interruption losses due to a cyber event. Luckily, cyber liability coverage can fill that void.
Should your business be unable to perform normal business operations, a cyber liability policy can help pay for expenses related to an interruption. The coverage pays for:
- Lost income due to the event
- Profits that would have been earned had the event not occurred
- Operating expenses, such as utilities, that must be paid even though business temporarily ceased
- Rented or leased equipment Cyber liability coverage also helps protect your business from the following events:
- Data breaches, including costs for customer notification, some legal costs and credit monitoring for those affected
- Damages to third-party systems, if, for example, an infected email from your servers crashes the system of a customer or vendor
- Data or code loss due to a natural disaster or malicious activity. Physical destruction of equipment is covered under a different policy.
- Cyber extortion, including ransomware, which is malicious code installed into a computer on your network that prevents you from accessing it until a ransom is paid
Even though business interruptions due to cyber-attacks are relatively uncommon, being unprepared for one could prohibit you from doing business as usual. Contact Bates Hewett & Floyd today to find out how we can help you avoid a business interruption.
10 Reasons to Buy Cyber Insurance
Bates Hewett & Floyd customers have access to a great Cyber Insurance product via Evolve MGA.
If the information above has you considering cyber coverage, Evolve has provided 10 more reasons why you should consider this coverage.
1. Cybercrime is the fastest growing crime in the world, but most attacks are not covered by standard property or crime insurance policies.
New crimes are emerging every day. The internet means that your business is now exposed to the world’s criminals and is vulnerable to attack at any time of the day or night. Phishing scams, identity theft, and telephone hacking are all crimes that traditional insurance policies do not address. Cyber insurance can provide comprehensive crime cover for a wide range of electronic perils that are increasingly threatening the financial resources of today’s businesses.
2. Systems are critical to operating your day to day business but their downtime is not covered by standard business interruption insurance.
All businesses rely on systems to conduct their core business, from an electronic point of sales software to hotel room reservation systems. In the event that a hack attack, computer virus or malicious employee brings down these systems, a traditional business interruption policy would not respond. Cyber insurance can provide cover for loss of profits associated with a systems outage that is caused by a “non-physical” peril like a computer virus or denial of service attack.
3. Data is one of your most important assets yet it is not covered by standard property insurance policies.
Most businesses would agree that data or information is one of their most important assets. It is almost certainly worth many times more than the physical equipment that it is stored upon. Yet most business owners do not realize that a standard property policy would not respond in the event that this data is damaged or destroyed. A cyber policy can provide comprehensive cover for data restoration and rectification in the event of a loss up to the full policy limits.
4. Third-party data is valuable and you can be held liable if you lose it.
We all hold more data than ever before and often this data belongs to our customers and
suppliers. Non-disclosure agreements and commercial contracts often contain warranties and indemnities in relation to the security of this data that can trigger expensive damages claims in the event that you experience a breach. Increasingly, consumers are also seeking legal redress in the event that a business loses their data. This risk is further heightened in the event that you hold any data on US consumers.
5. Retailers face severe penalties if they lose credit card data.
Global credit card crime is worth over $7.5bn and increasingly this risk
is being transferred to the retailers that lose the data*. Under merchant service agreements, compromised retailers can be held liable for forensic investigation costs, payment card re-issuance costs and the actual fraud conducted on stolen cards. These losses can run into hundreds of thousands of dollars for even a small retailer. Cyber insurance can help protect against all of these costs.
6. Complying with breach notification laws costs time and money.
Breach notification laws are slowly being introduced across many different countries. These generally require businesses that lose sensitive personal data to provide written notification to those individuals that were potentially affected. Even though a legal obligation to notify only currently exists in some countries, this is changing and there is a growing trend towards voluntary notification in order to protect your brand and reputation. Customers who have had their data compromised expect openness and transparency from the businesses they entrusted it with. Cyber policies can provide cover for the costs associated with providing a breach notice even if it is not legally required.
7. Your reputation is your number one asset, so why not insure it?
Any business lives and dies by its reputation. Although there are certain reputational risks that can’t be insured, you can insure your reputation in the event of a security breach. When your systems have been compromised, you run a risk of losing the trust of your loyal customers which can harm your business far more than the immediate financial loss. Cyber insurance can not only help pay for the costs of engaging a PR firm to help restore this, but also for the loss of future sales that arise as a direct result of customers switching to your competitors.
8. Social media usage is at an all-time high and claims are on the rise.
Social media is the fastest growing entertainment channel in the world. Information is exchanged at lightning speed and exposed to the world. But often there is little control exercised over what is said and how it is presented and this can give rise to liability for businesses who are responsible for the actions of their employees on sites such as LinkedIn, Twitter and Facebook. Cyber insurance can help provide cover for claims arising from leaked information, defamatory statements or copyright infringement.
9. Portable devices increases the risk of a loss or theft.
The advent of portable devices and the ability to work away from the office has made life a lot easier for many of us. However, this new style of working also means that important and confidential data can be stolen or lost much more easily. A laptop left on a train, an iPad stolen in a restaurant, or a USB stick going missing are all good examples. In addition, the devices themselves are being targeted with a growing number of viruses being built just for them. Cyber insurance can help cover the costs associated with a data breach should a portable device be lost, stolen or fall victim to a virus.
10. It’s not just big businesses being targeted by hackers, but lots of small ones too.
Whilst the large-scale hack attacks on the news often involve big companies, small companies are also at risk and often don’t have the financial resources to get back on track after a hacking attack or other kind of data loss.
Bates Hewett & Floyd
When you think about an independent insurance agency in Northeast Florida, you probably think of a small to a medium-size office run by a family or a few employees. If you have never visited or been inside Bates Hewett & Floyd, you have not experienced the big picture. With 30 employed professionals (currently seeking additional candidates to join the team) we are one big family (some blood, most not) that spans three offices and are spread throughout the many facets of insurance that Bates Hewett & Floyd.