Your integration firm houses all types of personal information: social security numbers, credit card numbers, account numbers, driver’s license numbers. What happens when this data is compromised? Many people don’t put cybersecurity at the top of their list – but you should.
Globally, cybercrime exceeded $600 billion in 2017. The average total cost of a data breach was $3.62 million (average cost per breached record was $141). And these numbers don’t just account for large organizations. Approximately 61% of data breaches occur within small organizations with 1,000 or fewer employees. If you think your firm isn’t a target due to staff size – think again.
Our excuse for not keeping up can’t be that these threats are changing too quickly (although that becomes truer every day). Through 2020, 99% of exploited vulnerabilities will continue to be ones known by security and IT professionals for at least a year.
One way integrators are choosing to protect themselves from this inevitability is through an investment in cyber insurance. Your general liability policy probably won’t cover cybersecurity incidents – those are typically excluded.
Is Cyber Insurance Necessary?
How do you know if you need cyber insurance? Here are a few questions to ask:
- Do you collect or process forms of payment?
- Do you store social security numbers or credit card information?
- Do you have backups to your current system (and have you tested them)?
- Do you have an incident response plan?
- Do you encrypt your data at rest and in transit?
- Do you operate on third-party software?
- Do you let other third-party vendors VPN into your network?
The more often you answer “yes,” the more likely that an investment in cyber insurance will be worth it to you. Another factor to consider is the potential damage that will result from a data breach. This sample data breach cost calculator can help you estimate potential losses if you ever face a security situation. Answer seven simple questions and get possible cost breakdowns for incident investment, customer notification and crisis management, regulatory fines and penalties, class-action lawsuit fees, etc.
What a Comprehensive Policy Includes
If you determine that cyber insurance might be beneficial for your organization, we recommend third-party and first-party coverage. Third-party coverage protects you in case of a customer breach due to your software or services. First-party coverage protects you in the event that your firm’s own data is breached.
For third-party coverage, look for these policy line items:
- Network/information security: Coverage for costs and damages associated with unauthorized data access or failure to provide notification of a data breach
- Communication/media liability: Coverage for lawsuits resulting from your firm using some sort of IP information or plagiarizing content/designs
- Regulatory defense expenses: Coverage for government/legal defense costs
For first-party coverage, look for these policy line items:
- Crisis management: Coverage for PR-firm payment during an event for damage control
- Security breach remediation: Coverage for the costs associated with notifying impacted parties of a breach
- E-commerce extortion: Coverage for the costs associated with ransomware
- Business interruption: Coverage for the costs incurred when a type of software (selected and installed by you) used by your client suffers a breach and the customer experiences business interruption as a result
In addition to cyber insurance helping make sure you can bounce back from whatever security incident may happen, we’re also hearing reports of clients starting to ask integrators about the type of cyber insurance they have – and what protections are offered in case something goes wrong. Down the road, this could be a differentiator.
Additional Cyber Insurance Resources
Looking for more information on cyber insurance? Log in to www.nsca.org to watch a free archived webinar, The Daunting Task of Quantifying Cyber Security Insurance, presented by NSCA Business Accelerator TrueNorth.
NSCA offers several additional resources as well to help integrators manage and improve cybersecurity:
- Indarra creates tailored cybersecurity employee training programs. By performing detailed security awareness assessments, integrators can secure their workforces to protect against costly data breaches. Indarra can also conduct testing to see how susceptible employees are to opening unknown attachments or providing vulnerable data to attackers.
- Defendify helps integrators test their technology and systems to determine potential vulnerabilities, and then implement affordable, layered, ongoing cybersecurity solutions that go beyond traditional antivirus and firewalls. Defendify can also help integrators create and enforce company-wide cybersecurity guidelines and policies.
- You can find cybersecurity policies and information in our Essentials Online Library. We also cover cybersecurity in our free monthly webinars (watch a recent one here, which discusses protecting your organization and clients from a data breach) and our weekly blogs (check out this recent piece on how to select a cyber insurance partner).