When Target was hit by a sophisticated data breach last December, 40 million customers had their credit and debit card information compromised. Target is now facing dozens of lawsuits, on top of the loss of sales during the holiday season and the hit to their reputation. And just recently, Standard & Poor's downgraded Target's corporate debt rating by one notch due to the breach.
This case is just another painful reminder of how devastating a cyber attack can be for businesses. And Target is hardly alone. The Washington Post reported that more than 3,000 U.S. companies were notified by federal agents last year that their computer systems had been hacked. According to “Global Risks 2014,” published in January by the World Economic Forum, cyber attacks are one of the five biggest threats the world now faces.
That means the chances of your business being targeted are better than ever.
Whether it’s a breach of confidential company, personal, or customer information, or an attack on your website, any breach of data can quickly add up to costly liabilities. And if you aren’t lucky enough to have the kind of financial resources Target has, you could quickly find yourself out of business.
How vulnerable are you?
If you’re not sure how vulnerable your business is, now is the time to find out. For starters, consider these typical cyber exposures for businesses:
- Loss of business income due to hackers interrupting your website or your service provider’s systems
- Liability for failing to protect confidential information in paper files or on computers, laptops, smartphones, or third-party systems
- Business interruption from hackers denying your customers access to your website
- Costs of complying with the law and notifying those whose confidential information has been breached
- Investigative and public relations costs
How can you protect yourself?
Information is your first line of defense. Educate yourself about how identity thieves target businesses and their data. Identify all access points where your data could be vulnerable, and then develop long-term strategies for securing those access points and eliminating those risks. Develop and enforce strict company policies and procedures for handling confidential information, including closely monitoring and restricting access to such information. And make sure you comply with consumer protection laws, which help protect your business too.
Preventing cyber attacks from happening in the first place is obviously preferable, but the next best thing is making sure you’re prepared for the fallout if it should happen to you. The last thing your business needs is to be caught off guard with no safety net. So one of your first priorities should be to discuss your risks with your insurance provider.
Don’t assume you’re covered
Liability for loss of customer or employee data is generally not covered under a typical business insurance policy. While some GL and D&O policies may provide some coverage, businesses that rely on that generally discover significant gaps in their coverage after an attack. By then it’s too late, and you don’t want to be in that boat.
Unfortunately, cyber threats aren’t going away anytime soon. And since there is no one-size-fits-all cyber liability policy, it’s vital to work with a risk management professional to identify your unique exposures and coverage needs.
The experts at Heffernan Insurance Brokers can help you formulate a plan to defend your business from cyber attacks. And if you should become the next target, we’ll make sure you have a safety net.