Raymond James & Associates, Inc.

David H. Lilliston
Vice President/Financial Advisor
Accredited Invesment Fiduciary
101 Trinity Place
Athens, GA 30607

December 2017

What Is Cyber Insurance and Should Your Business Have It?

Does your company use electronic data? Does it store or communicate potentially sensitive information about customers, employees, or competitors? If so, then a breach of that data could cost your company plenty. Some well-known organizations have experienced data breaches, including WalMart, JP Morgan Chase, Yahoo, eBay, Target, the IRS, and, more recently, Equifax. Unfortunately, just about any size company or organization that retains personal information can be hit with a cyber attack. One way to transfer some of the risk and costs associated with a data breach or network security failure is through cyber insurance.

What is cyber insurance?

Cyber insurance provides protection against potential costs and financial losses resulting from data breaches caused by cyber attacks, viruses, and other threats. It also helps cover third-party lawsuits filed against your company resulting from data breaches or your failure to adequately protect sensitive or confidential information.

What does cyber insurance cover?

While individual policies may differ, cyber insurance can help cover:

  • Loss of data: Cyber insurance may help cover the cost of restoring or reconstructing data that was lost, stolen, or damaged.
  • Losses from data breach or security failure: Cyber insurance assists in covering some of the costs of investigating how and where the breach occurred; expenses associated with regulatory fines; legal costs of defending against lawsuits and settlement of claims brought by victims whose information was inappropriately accessed, shared, or lost; expenses related to notifying victims of the data breach, such as customers and employees.
  • Costs associated with extortion or ransom demands: That's right, often a cyber criminal will demand a ransom or try to extort money from your company in exchange for your data. Cyber insurance covers some of the costs of paying the ransom for the data or for the restitution to victims whose information was captured.
  • Losses from business interruption: If your company must close while the data breach is investigated and resolved, cyber insurance can help offset the ordinary costs and expenses of your business during its down time.

Who needs cyber insurance?

Your company or organization may be a candidate for cyber insurance if it does any of the following:

  • Sends or receives documents electronically
  • Communicates with customers or third parties via email, text messages, or social media
  • Stores third-party information on a computer network that may be considered sensitive or private, such as an individual's identity, tax information, income, address, Social Security and/or credit card numbers
  • Stores confidential company information or data (e.g., tax documents, sales or marketing figures or projections, trade secrets) on a computer network
  • Advertises company services or products via a website or social media

Aren't these risks covered by business insurance?

Unfortunately, most of the risks and losses resulting from data breaches or losses are not covered by standard commercial general liability insurance. In fact, many policies contain a specific electronic data exclusion. In addition, loss or damage to electronic data isn't considered property damage under a business policy, so coverage wouldn't apply.

Questions to think about

Cyber insurance has policy exclusions, terms, and conditions. When thinking about the purchase of cyber insurance, here are some questions to consider:

  • What specific risks are covered, and what risks are not covered?
  • What deductibles or coverage limits apply?
  • Will the insurer require your company to undergo a security risk review?
  • Are there security controls your company can adopt that will decrease the premium?
  • Will the insurer identify security risks and offer alternatives to minimize or eliminate those risks?

Plan ahead

Cyber attacks and loss of data can be devastating to a business. Plan ahead before a cyber attack occurs. Evaluate your business and determine areas of particular vulnerability. Then create cybersecurity policies and procedures for company employees to follow. Finally, consider the purchase of cyber insurance to help cover at least some of the risks associated with a cyber attack.

Forty-eight states and the District of Columbia have laws requiring private or governmental entities to notify individuals of security breaches of personally identifiable information. In addition, the Health Insurance Portability and Accountability Act (HIPPA) requires HIPAA-covered entities and their business associates to provide notification following a breach of unsecured protected health information.

Refer a friendTo find out more click here
Raymond James & Associates, Inc., member New York Stock Exchange/SIPC

This information, developed by an independent third party, has been obtained from sources considered to be reliable, but Raymond James does not guarantee that the foregoing material is accurate or complete. This information is not a complete summary or statement of all available data necessary for making an investment decision and does not constitute a recommendation. The information contained in this report does not purport to be a complete description of the securities, markets, or developments referred to in this material. This information is not intended as a solicitation or an offer to buy or sell any security referred to herein. Investments mentioned may not be suitable for all investors. The material is general in nature. Past performance may not be indicative of future results. Raymond James does not provide advice on tax, legal or mortgage issues. These matters should be discussed with the appropriate professional.

Prepared by Broadridge Advisor Solutions Copyright 2020.