Cyber Insurance: What is it? Do You Need it?

07 03 DB Cyber Insurance What is it Do You Need it - Cyber Insurance: What is it? Do You Need it?

Technological advancements have revolutionized the way online advertisements, promotions, and shopping are done. This has brought immense benefits to companies, who have now found new ways to interact with the existing and potential buyers. The opportunity offered by social media alone is rich for companies that intend to conduct exhaustive marketing activities. However, social media platforms have also become avenues of cyber-attacks. This has wrought untold financial losses to all types of companies – small, medium and large. A case in point is the latest attack from “wanna-cry’’, a ransom ware that affected businesses on a global scale. Cyber-attacks can originate from almost anywhere. Businesses large and small have to be vigilant.

There are a number of ways that companies can react to the threat of cyber attacks in order to protect themselves and their clients. Some threats are avoidable through proper implementation of policies like requiring strong passwords. Others may require more advanced software and monitoring. But regardless, if you deal with clients online, or if you keep important personal information, you likely need cyber insurance.

What is the Role of Cyber Insurance Providers?

Cyber Liability Insurance Protection (CLIC) is an insurance plan that is meant to offer protection in the event of a cyber-attack. Companies face massive losses and expenses in the event of a cyber-attack and the cyber insurance plan is meant to mitigate such eventualities. The concept of cyber insurance has grown tremendously since 2005. It is projected to reach close to $8 billion in premiums within the next three or so years. Many companies in the US have realized the need for investing in a cyber insurance policy. Presently, close to 35% of US businesses have acquired cyber insurance policies of some kind, and their number is growing daily.

The cyber insurance industry is evolving at a breathtaking rate. However, the magnitude of the cyber-attacks threat has not been fully appreciated for a couple of reasons. One, many companies fail to report the full extent of the damages they face from cyber-attacks for fear of negative publicity. Second, the nature of cyber-attacks is often changing. The two reasons straddle underwriters with a challenge on how to value the financial impact of an attack.

Generally, a cyber-insurance policy will cover the following expenses:

1. Forensics Examination

Once an attack takes place, it is vital that a forensics examination is conducted. The examination will reveal the full extent of the damage and what needs to be done to rectify the situation. The forensic examiners will advise the company on what needs to be done to successfully avert or withstand any future cyber-attack threats.

2. Expenses Arising from Lawsuits and Extortion

The policy will cater for expenses that arise from lawsuits preferred against the company. Such lawsuits may be occasioned by a breach of client confidentiality occasioned by a cyber-attack. The policy also covers any statutory fines that may be imposed on the business, the cost of legal negotiations and any costs incurred as a result of cyber extortion.

3. Service Losses

The cyber insurance policy will meet the cost of loss as a result of failure by the company to deliver service due to the cyber-attack. The service interruption may be as a result of network downtime or otherwise. Other service costs that are covered by the cyber-insurance policy include those of recovering any lost data and carrying out the necessary PR activities to repair the firm’s dented image.

4. Information Alerts

The policy caters for information alerts to customers following a breach. This also includes monitoring the credit rating of customers whose credentials and identity might have been compromised during the assault.

What do you look for in Cyber-insurance Coverage?

A number of cyber insurance companies offer a list of items that are covered by their insurance policy. The buyer can use these lists to compare and contrast various providers before they settle on the one they perceive to be most receptive to their needs. You can also leverage an independent insurance agency to help you shop for the best value. For example, because we are independent, we can shop between multiple carriers for all kinds of insurance needs. Whatever the case, you must ask about the following aspects of a cyber-insurance plan:

a. Does the insurer customize the insurance coverage plan to the needs of their clients, or does it offer a one-size-fits-all kind of policy? Of course, as the buyer, you will be more interested in an insurance firm that is willing to customize their products for your firm.

b. How do deductibles compare amongst the various insurers? Be sure to compare and contrast deductibles among various insurance providers to determine the ones with the best deals.

c. Does the insurance policy include coverage for third-party providers? What are the limits? If third-party providers have cyber-insurance, how will this influence the terms of my contract?

d. Does the insurance policy cover APTs (Advanced Persistent Threats) and other network attacks?

e. Does the insurance policy offer protection in the event of a strike?

The strikes could be targeted at the company, or the company may be affected by collateral damage. How does the insurer propose to handle this?

f. Does the insurer offer E&O protection that caters for an injurious action done inadvertently by an employee?

g. For how long will the policy offer protection against the risk of APTs?

How Do Insurance Companies Determine Insurance Coverage?

A cyber-attack insurance provider expects potential clients to have put certain measures in place before they can underwrite them. For example, the buyer must ensure that they have done a risk evaluation and created a detailed cyber risk profile. They also must have solid protections against potential cyber-attacks. The insurer will request that the buyer educates its workforce on the best security practices to prevent, control, or successfully withstand a cyber-attack.

The buyer is encouraged to consult moral hackers with a view to getting an insight on the buyer’s most vulnerable spots and how to protect them.

Cyber insurance buyers may be asked to provide a detailed audit of their company’s procedures and practices. This will be to enable the insurer to assess the vulnerability levels of the company. Insurers may ask companies to change some aspects of their administrative practices if they are deemed to be a threat.

The Importance of Cyber Insurance Coverage for Businesses

Companies that partially or fully conduct their businesses over the internet need to contact a reputable insurer for a cyber-attack insurance policy. This is because such businesses stand the greatest risk of being assaulted and losing their assets. Statistics clearly show that cyber-attacks are on an upward trajectory. A shocking observation: small businesses are being attacked at a higher frequency than expected. For example, a report by two leading internet security providers found that about 30% of the cyber-attacks recorded 2 years ago targeted small businesses. Shockingly, the attacks against small businesses increased by 15% (to 45%) last year. This in itself should be a wake-up call to small businesses to safeguard their businesses against such attacks.

(It is estimated that the impact of cyber crimes on the world’s economy has skyrocketed to $580 billion per year, from the $350 billion experienced just a few years ago.)

The cost of a cyber insurance plan is dependent on how the buyer’s industry is organized. The industry dictates the policies and procedures of the firm, the kind of services offered, and their risk profile. Small businesses with profits of between $90,000 and $500,000 will have lower premiums than larger organizations.

If you have questions about cyber insurance, definitely reach out to us so that we can put you in touch with the best available resource.

Top 5 Insurance Products All Startups Must Have

06 11 DB Top 5 Insurance Products All Startups Must Have - Top 5 Insurance Products All Startups Must Have

Start-up companies are popping up quickly in today’s fast-paced world and entrepreneurs often find that they’ve forgotten to get essential business insurance to protect their company.

While the owner may tell the board that the business has an insurance policy, this doesn’t mean that the company has the insurance needed. Every company needs insurance that is both adequate and optimized.

To get started, business owners should take these five forms of protection into consideration:

1. Comprehensive General Liability (CGL) Insurance Coverage

This is a type of insurance that protects companies against cases brought against them for the following: Third party bodily injury, building damages, loss of personal effects, and marketing and advertising injury.

What owners should understand about CGL insurance is that it’s designed to pay for your defense when a claim is brought against the company. Ideally, you are allowed to select your own lawyer to avoid any potential conflicts of interest.

The reason why you need this insurance is that many contracts require businesses have at least $1 million in this type of insurance coverage. Even if you don’t think your business needs this level of coverage, you’ll need to purchase it for this reason.

2. Directors and Officers (D&O) Liability Insurance

Although you may have highly influential individuals on your board to help grow your business, these professionals are going to insist on increased insurance coverage.

* Essential to any startup is side A D&O insurance coverage which protects directors and officers from cases of “wrongful acts” or situations where their decisions had a negative effect on the business’s value.
* Side “B” protection protects the company by indemnifying the director or office as well as paying for the defense costs.
* Side “C” coverage protects the firm in the case of a shareholder or class action over securities concerns.

When you have the choice of coverage, many companies select only A and B. These plans leave out judgments as well as any situations where individuals performed in dishonest actions that broke the law or acted in self-interest.

3. Cyber and Media Insurance

Since there have been several high-profile hacking situations for businesses today, the need for cyber insurance is obvious. However, there is not any basic cyber plan available and each insurance provider policies contain untried provisions, terms, and multiple interpretations.

Like the coverage described, these plans offer protection for defense and indemnity. They also can provide solutions for compliance with government and disclosure needs and also crisis management in the case of a breach or incident.

Because not all policies may have a “basic” option, your startup needs to take extra measure. Governments recommend following best practices and establishing firm policies so insurance firms are withholding claims from businesses that they believe did not follow industry standard programs to protect sensitive information.

4. Property Insurance

This type of coverage is designed to protect against any physical damages to the business property. There are a few options but the best choice for coverage is an “all risk” option which will protect against the building and also material and devices inside the building.

Any startup that has a significant infrastructure is going to need this coverage. Tech companies are certainly in need of this coverage option. The policies will safeguard against any damage to web servers and companies may also include disruption protection for any losses due to downtime needed to replace or repair any devices. Inclusions in these policies may be due to damage or loss that’s caused by equipment malfunction, normal aging, and defects.

5. Employment Liability Insurance (EPLI)

This is an important insurance to have and different from the worker’s settlement insurance policy that all states require. It may be purchased in a bundle with worker’s comp or even D&O coverage.

Because discrimination insurance claims are expensive for companies and difficult to work out, this protection is essential for any startup that employs individuals who are popular as well as highly competent.

It may seem like a lot, but each type of insurance covers specific risks that most small businesses face. If you are unsure of your current protections or need someone to help you understand your current risk profile, please reach out to our team of professionals right away. We’re here to help!

Time to Review Your Employee Handbook?

06 03 DB Time to Review Your Employee Handbook - Time to Review Your Employee Handbook?

Many issues face a company when they are bringing on employees. These include basic pay, family and sick leave, as well as general employee welfare.

These are critical issues but having and reviewing an employee handbook is also important. Largely how often you review your employee manual is a function of how large your firm is. The more employees you have, the more often you should review it. (Make sure it is relevant and accurate to your company’s current situation.)

In fact, one of the key things you need to do is to ensure your employee manual is customized to fit your company and that it is truly useful to employees.

As you examine your manual be sure you take current (and new) laws into consideration. New legislation that works in the employee’s favor should be brought to the attention of the worker.

At a minimum, you should review and update your employee handbook at least once a year. And if you’ve let your employee handbook lapse for a longer period than that, you may need the help of a specialist. For example, a lot of changes have taken place with regard to overtime tracking and payments. With changes at the state and federal level, keeping track of these details will keep you out of trouble.

(Another area of concern is in hiring… for example some states have barred companies from investigating a prospective employee’s criminal history…)

Some other recommendations include:

Be sure there is a mechanism in place for employees to sign verifying receipt of the manual including the date of receipt.

Electronic versions of employee handbooks should be made available with updates also being issued electronically. For these, incorporating a digital signature to confirm receipt (and to log the date signed) is also important.

Complete a review mid year and at the end of the year to ensure your company is maintaining compliance with the Fair Labor Act. Also be certain your basic pay and overtime policies are clear and compliant. And be sure you are actually providing employees with the requisite family and sick leaves.

Hopefully this has given you some great ideas. Please definitely reach out to us if you have questions about your business insurance to be sure you are taking care of things like EPLI risks as well as general business risk exposures. We’ll answer your questions and be sure you have an affordable policy in place designed to meet your unique risk profile.