Cyber liability risks

In recent years, there have been an increasing number of costly computer hacking attacks against large companies, such as Target and Home Depot. But smaller companies face computer liability risks as well. Virtually all businesses use information technology (IT) in some way—to communicate via email, to provide information or services through a website, to store and use customer data and more. Your business can be held liable if certain data is compromised, not only by hacking attacks but even if a smartphone is lost or a laptop computer is stolen.

The risks of cyber liability are evolving rapidly, with new risks emerging as technology advances and new regulations are put in place. Insurance experts now consider the risk of cyber liability losses to exceed the risk of fraud or theft. In this tumultuous environment, your business can take several steps to limit risks, including purchasing cyber liability insurance.

What are your cyber liability risks?

If your computer systems are hacked or customer, employee or partner data is otherwise lost, stolen or compromised, the costs of response and remediation can be significant. Your business may be exposed to the following costs:

• Liability—You may be liable for costs incurred by customers and other third parties as a result of a cyber attack or other IT-related incident.
• System recovery—Repairing or replacing computer systems or lost data can result in significant costs. In addition, your company may not be able to remain operational while your system is down, resulting in further losses.
• Notification expenses—In several states, if your business stores customer data, you’re required to notify customers if a data breach has occurred or is even just suspected. This can be quite costly, especially if you have a large number of customers.
• Regulatory fines—Several federal and state regulations require businesses and organizations to protect consumer data. If a data breach results from your business’s failure to meet compliance requirements, you may incur substantial fines.
• Class action lawsuits—Large-scale data breaches have led to class action lawsuits filed on behalf of customers whose data and privacy were compromised.

What cyber liability insurance covers

Some standard business insurance policies, such as a Business Owners Policy (BOP), may provide coverage for certain types of cyber incidents. For instance, if you lose electronic data as a result of a computer virus or hardware failure, your insurance may pay recovery or replacement costs. To extend coverage for a fuller range of cyber liability risks, you will need to purchase a stand-alone cyber liability policy, customized for your business. This type of policy can cover several types of risk, including:

• Loss or corruption of data.
• Business interruption.
• Multiple types of liability.
• Identity theft.
• Cyber extortion.
• Reputation recovery.

Steps to reduce cyber liability risks

Because computing technology changes rapidly, there is no absolutely sure-fire way to protect digital data and computer systems. In addition, technologies deemed to be highly secure can later develop vulnerabilities or be found to be vulnerable all along. For instance, websites worldwide used an encryption technology called OpenSSL for many years before the technology was discovered to be vulnerable to cyber attack. You may be able to limit your cyber liability risk by:

• Installing, maintaining and updating security software and hardware.
• Contracting with an IT security services vendor.
• Using cloud computing services.
• Developing, following and publicly posting a data privacy policy.
• Regularly backing up data at a secure offsite location.