Cyber Risks and Insurance for a New Age

“Dear _____ Guest,

As you have likely heard by now, ______ experienced unauthorized access to payment card data from U.S. _______ stores. We take this crime seriously. It was a crime against _______, our team members and most importantly you—our valued guest.

We understand that a situation like this creates stress and anxiety about the safety of your payment card data at _______. Our brand has been built on a 50-year foundation of trust with our guests, and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at ______.

We want you to know a few important things…”

Stress and anxiety: two emotions most business owners do not envision as part of the customer experience.

The above excerpt is from a letter Gregg Steinhafel, the Chairman, President and CEO of Target, addressed to Target customers on December 20, 2013, after millions of customer credit card numbers were stolen.

While business owners often contemplate and insure against fire, theft or tornadoes, the Target incident represents a new risk businesses face. Situations such as the Target data breach fall under a category of risks the insurance industry refers to as “cyber” risks.

In response to these new risks, insurers now offer a variety of “cyber” insurance products to small business owners. Despite this fact, many business owners a) are unaware of the risks their business faces, b) don’t think it can happen to them and c) are unsure of the coverage they have.

What risk does my business face?
Federal and State laws now address the risks of information age in which we live. These laws have created standards regarding private, sensitive data, such as credit card numbers, as well as other personal information such as social security numbers. This can include customer and employee information!

In the event of a data breach, the laws spell out exactly what course of action a business must take, including notifying those whose information has been compromised, providing credit monitoring and more.

Aside from the financial exposures from a potential loss of reputation, complying with notification requirements and other aspects of the laws are expensive—costs can exceed $200 per person affected.

It can’t happen to me!
Many business owners point to the Target incident and reason that high-profile businesses are more likely to have this exposure. In reality, small businesses are increasingly suffering losses due to computer-related events, or even physical breaches like dumpster-diving or break-ins.

Other incidents occur due to human error, or even a disgruntled employee.

What insurance solutions are available?
Insurance products can protect against lawsuits and cover other costs your business may incur. For example, the policy can provide a consultant to help comply with the laws, cover notification costs, lost profits and more. The policy can also be programmed to protect a business who has had money taken from their bank account by a hacker.

Business owners who are curious about coverage should consider talking to an expert in the field, as the insurance policies can vary widely. Coverage can be purchased by any business, at any time.

This article was also published in the Elburn Chamber of Commerce August 2014 newsletter.