I was recently at a conference discussing insurance products available to OIA members when the subject of cyber liability insurance grabbed some attention. Several agents responded to my explanation of the importance of this insurance with “Why in the world would an independent insurance agency need cyber? We’re not Target!
Some of you read that and thought, "Oh boy!" While others read it and thought, “Yeah that's right, why do I need cyber insurance? I’m just an insurance agency!”
It made me think: Do we still consider only well-known large retailers, restaurants and online vendors targets of cyber crimes? You should know that 43 percent of cyber attacks target small businesses. So, if you think no one is interested in hacking into your system — think again.
"Cyber crime is the greatest threat to every company in the world."
Taking Candy From a Baby
Insurance agencies collect a lot of personal identifiable information, which is a gold mine for cyber thieves. Larger companies have the resources to employ full-time IT departments dedicated to preventing cyber attacks and they still get hacked.
As with most theft, it goes back to the path of least resistance and small businesses simply do not have the same resources available to protect themselves. For hackers, it’s like taking candy from a baby.
Cyber theft is at an all-time high with no slowing down in sight. According to Ginni Rometty, IBM’s CEO, “Cybercrime is the greatest threat to every company in the world.”
What is the average cost of data breach for an insurance agency? Let’s say you have a breach and determine that 1,400 records were compromised. You can expect the breach to cost approximately $665,000. Seventy-five percent of this is wrapped up in the cost of forensics to determine what and who were compromised, while the rest will be the cost of notification and compliance with federal and state laws.
Cyber Crime Continues to Evolve
Another cyber crime on the rise is ransomware. Hackers are kidnapping our systems and data and extorting money from us in the form of bitcoin.
Imagine walking into your agency one morning, turning on your computer and seeing a message stating that unless you pay thousands of bitcoins, the hackers are going to delete all of your data. You have been locked out of your system and you are at their mercy.
So, you're right, you're not Target or Google. Companies like Amazon, Target, Google and Apple have the resources to rebound from the PR nightmare and crisis of consumer confidence and survive.
It’s the small businesses of America that will suffer; 60 percent of small businesses in the United States go out of business within six months of a cyber attack because they don’t have the proper protections in place. The majority of small businesses will cease to exist after a cyber attack. That's 6 out of 10, for all of you who are as bad at math as I am!
Do I have your attention?
Now let me tell you how to protect yourself before this happens to you.
Purchase the right insurance coverage to assist with the costs associated with a breach. OIA has a robust insurance product on Beazley paper that is exclusive to members, and a team of people ready to answer your questions and get you covered.
Understand the types of critical data you have at your agency. Where is this data stored? Is it backed up and how often? Who has access to it? Is it encrypted?
Have a plan in place. A cyber breach disaster plan, if you will. You also need to train your employees and implement protocols for internet usage, email and other systems. Get everyone on board in your agency, just as you would with E&O loss-control measures.
Have your website tested by a third party. For obvious reasons, it should not be the same company that built or maintains your website.
Okay, enough reading about it. No more excuses or discussing the what if’s. Get busy putting the plan in place that will protect everything you have worked so very hard to build.
Remember that OIA is here for you and has a team of people ready and willing to help your agency. We believe IAs are the best resource for consumers to access risk-management advice and insurance coverage, and we want to ensure you’ll be around for the long haul.
Interested in taking a cyber course?
Need cyber INSURANCE?
Additional Cyber Resources
Agency Cyber Guide 1.0: Tools for compliance and protection in today’s world of data breach and cybercrime (Agents Council for Technology, ACT)