Cyber Liability Insurance
To understand the extent of cyber crime, you need only turn on the evening news to hear about the latest unprecedented theft of personal data. What you don’t hear is how big an impact cyber crime is having on smaller regional businesses, including the theft of client data, phishing scams that put your finances at risk, ransomware attacks holding your data hostage, and more. Large firms spend millions to protect their clients’ data, making a large-scale data breach more difficult – but cyber criminals understand that smaller firms are less likely to have the same level of defense protecting their information, yet have the financial means to be a viable target.
Several clients of Levitt-Fuirst have been targeted, successfully and unsuccessfully – and we feel EVERY commercial client should have a cyber liability policy in place to protect them in case they are the next target.
The Coverage
A Cyber Liability Policy contains a wide range of 1st and 3rd party coverages designed to protect your firm from many different types of claims. Social Engineering, Security and Privacy Liability, Breach Event Costs, and Dependent Business Interruption are a few of the coverages offered under a standard Cyber policy.
One unique aspect of Cyber Liability coverage is that the carrier becomes a partner in your cybersecurity program. Unlike other traditional lines of insurance, a cyber carrier depends on pre-breach risk management, training webinars, employee training, and other opportunities to lessen the risk of having a cyber incident, and to limit the damage associated with a breach. Should you have a data breach, most cyber liability carriers will offer personalized claim handling, a recovery and restoration team to close the holes in your security where the breach occurred, a forensic team to figure out whose information may have been stolen, and a plan of action to meet all legal and notification requirements.
The Cyber Liability Market
Levitt-Fuirst works with a large number of insurance carriers to find the best cyber coverage for your firm. A technology firm has different needs from a financial firm, and a construction company has different risks than a property management firm. Although all businesses share some general risks (ransomware, data theft, destruction of data), there are unique industry and regulatory requirements that each business must account for. Levitt-Fuirst works with you to find the best policy to protect you, taking your unique situation into account.
Contact your account representative for more information, or call us at 914-457-4200 and ask to speak with someone about Cyber Liability Insurance. If you ever have a claim, you will be VERY glad you did.
Levitt-Fuirst’s Client Cyber Stories
A small business client of ours nearly fell victim to a spear phishing campaign, a targeted email request based on intimate knowledge of the key players in the business.
The wife in a family-owned business received an email, seemingly from her husband, to wire money to a 3rd party. The instructions were not unusual - the wiring of funds and how the email was received were both "normal", and the 3rd party made sense. The wife took the extra step of calling her husband to verify that the wire transfer was real, and was grateful she did.
As in this case, your firm should ALWAYS double check any financial email request, BY PHONE, before acting. Note that if an email account has been compromised, replying to the email may get you a response from the hacker, telling you the bogus payment is acceptable. Always get a verbal response before proceeding.
This scam has been responsible for countless millions of dollars sent to cyber criminals. In the heat of the moment, when things are in a time crunch, a seemingly accurate email may be acted upon without any verification, and money is sent to untraceable sources. If you do not have proper cyber coverage, the money is lost and there is no recourse.
In today's fast-paced world of deadlines, we sometimes do things too fast, without double-checking the details. A financial services client, under deadline, emailed payroll accounts to the wrong client. These payroll reports contained extensive "Personally Identifiable Information", or PII.
Federal law requires any entity that shares PII, or has files containing PII stolen, to identify those impacted by the breach, notify all impacted individuals or parties, and offer credit monitoring to those impacted individuals or parties.
In this case the list of individuals was clear, but in a data theft situation, forensic expense to find out what data was stolen and who is impacted can run into the hundreds of thousands of dollars - simply to understand who the impacted individuals or groups are!
It is said that the greatest cyber risk to a company is not the holes in the firewalls or servers or anti-virus programs purchased to protect your firm, but your employees sitting at their computers. When you mix technological lapses with human error, the risks rise considerably.
A Levitt-Fuirst insured, through an unknown series of events, came to have a virus on an employee's workstation. When that employee inadvertently sent an email containing the virus to another company, and the virus infected the business partner's network, a liability was created.
There have been no public lawsuits (that we have found) focusing on this liability, but there have been countless instances where a firm requested financial compensation to clean up cyber messes caused by another firm. Experts agree - if you send a virus to another individual or firm, even if you have no idea you are doing it, you can be held liable for the damages incurred by your mistake. There is a solid legal argument to hold you accountable for the damage you cause to others' computers or networks.