July 24, 2020 • By Dennis Beaver
For the past several years it seems that not a week goes by when we don’t hear about a major data breach resulting in personal information being stolen. The consequences of an electronic “hack” are costly to the victim-company on many levels.
This has led to the creation of the cyber security insurance policy which, as you will see, can be one of the most useful types of business insurance available today.
I asked Los Angeles-based Karl Susman to explain cyber-insurance. He is in a unique position to see how this type of insurance functions, as he both owns his own insurance agency and serves as an insurance expert witness in high-dollar litigation over coverage issues and agents and brokers’ standard of care.
“Cyber liability insurance covers the cost for a business to recover from a data breach, virus, or other cyber-attack or fraud. Additionally, it also covers legal claims resulting from the breach. Today, a company that stores sensitive data in the cloud, on their computer or laptop, or even on a computer server should have this insurance,” he strongly believes, adding, “Because your regular commercial office policy will most likely be of little use in the event you become a victim.”
But cyber-crime goes well beyond the consequences of personal information being stolen. Recently I told you about the million-dollar losses suffered by lawyers across North America when they became victims of counterfeit cashier’s check frauds.
“While their office commercial and professional policies were often of no help, those who had cyber-security insurance would often be compensated for the loss,” Susman observes.
When It Happens, Legal Obligations for Your Business are Significant
According to the Identity Theft Resource Center, “Businesses experienced 571 breaches in 2018, exposing over 415 million employee and customer records. Business breaches accounted for almost half—46%—of all breaches.” The Center noted that, “Although we most often hear about big corporations falling victim to cyber-attacks, small businesses are the most vulnerable.”
Susman notes, “If your company suffers a data breach, both federal and state laws require significant action on a company’s part to remedy the consequences of that breach, as we saw with Target stores and stolen credit data from credit collection bureaus.
“Any time you have an electronic breach, there is a whole laundry list of things to do required by federal law. Because you must follow these guidelines, if your company becomes a victim of cybercrime, the carriers take over that responsibility to be sure you are compliant. These insurance companies have people who will do this for you.”
Ransomware And Cyber Insurance
You’ve no doubt heard the term “ransomware.” Susman explains what it is and the consequences of it happening to your business, which can be horribly costly.
“Today one of the most common types of electronic intrusion has to do with ransomware which is composed of five elements, and here’s how it works:
(1) An entity or individual who;
(2) Gains access to your company’s network;
(3) Freezes all the files with an encryption which;
(4) Locks you out of your own files, and then;
(5) Demands that you pay them in order to release the files.”
So, how can this happen? “It’s the human element,” he is quick to point out, “often fed by curiosity and a failure to be skeptical.”
“You get an email which says, ‘Hi I have a question about my account with you, please, click here for my contact information.’ Or, ‘Hi I am looking to get a quote, here is the info for my quote, just click here.’
“But anytime you open a web page there is a potential for malicious code to be installed on your computer. In a matter of seconds, each of your company’s servers and then the files will be locked out. Your server no longer works.
“Typically you discover this when turning on your computers and see:
‘You have 24 hours to pay two bitcoins to get access to your files and your computer.’”
As Susman outlines, in the event of a ransomware attack, the cyber insurance company will:
(1) Assign an IT expert to attempt to recover your data and not pay a ransom;
(2) Look to see if you have backups and if they can roll your system back to a time when the ransomware was not installed.
“If the system cannot be restored and you are unable to restore client data, the cyber policy will pay that ransom within policy limits which should give you access to your data.”
Susman concluded our discussion with this cautionary note:
“While cyber-security insurance is indeed valuable, what is covered varies widely from company to company, so you really need to use a broker who is familiar with what is on the market.”
Dennis Beaver practices law in Bakersfield and enjoys hearing from his readers. Contact Dennis Beaver.