News & Guidance

shutterstock_302508602

How to protect your business against cyber risks?

As companies have grown more dependent on information technology to carry out everyday business transactions and customer interactions, cyber and privacy liability insurance has emerged as a necessary measure of protection against unauthorized use or access to electronic business data or software.

“Cyber and privacy insurance protects those businesses or professionals that gather privileged or confidential information from clients in the event that a hacker or employee gains access to the information for personal use or sells it on a secondary market,” said Popular Risk Services President Eduardo Criado.

The policies cover the liability for a data breach in which a firm’s customers’ personal information, such as Social Security or credit card numbers, is exposed or stolen by an outside hacker or company employee who has gained unauthorized access to the firm’s electronic network.

Aside from data theft and misuse, the need for cyber liability coverage is made greater as a result of federal laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA), passed in 1996, which requires healthcare professionals and businesses to have protocols in place to be followed in the event of internal or external cybernetic attacks, explained Criado. “Businesses are responsible for the protection of the privacy and personal information of their customers,” he added.

There are significant costs involved in dealing with a data breach such as loss of income, legal expenses and network security improvements. Cyber and privacy policies cover and reimburse a variety of expenses associated with data breaches, including: notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and loss resulting from identity theft.

Vulnerability to data breaches and their associated risks increases along with the volume of customer transactions. Criado cited the example of Target retail stores’ massive security breach involving up to 40 million of its customers’ credit and debit card accounts at the heart of the 2013 holiday shopping season. Additionally, the use of third party information technology providers for services such as data warehousing compounds the potential risks.

The claims process is simple. Once a data breach occurs or is suspected, the incident is reported to the insurance carrier which will then initiate a forensic analysis to determine its magnitude and attempt to find and restore the data in question. The carrier will then help mitigate any reputational damage and provide coaching to the insured on how to manage the incident. It will also assist in and cover the expense of notification to clients and credit monitoring. Finally, the carrier will provide coverage for fines imposed on administrative proceedings up to the policy limit.

A business necessity

Criado stressed the fact that insurance coverage for liability arising out of the unauthorized use or access to a data is now a necessity for businesses that use technology and maintain privileged customer information such as name, address, phone number, social security or other unique identifier. In 2014, the top industries that reported incidents were finance & insurance, information & communications, manufacturing, retail & wholesale, and health & social services.

“From the perspective of business best practices, it is like asking a doctor if he has malpractice insurance coverage or a lawyer if she has professional liability insurance. It is a defense mechanism that protects clients if a third party gains access to their information,” said Criado.

Popular One wants you to be protected in the event of a cybernetic attack compromising client data. Our insurance specialists at Popular Risk Services can help you identify the right coverage for you and the options available to protect our business.

Insurance products are not deposits, are not protected by the FDIC or other federal government agencies, are not guaranteed by the bank and can lose value. Popular Risk Services is a subsidiary of Popular Inc. and affiliated to Banco Popular.