Cybersecurity liability insurance is considered a must-have in today’s digital landscape, regardless of the type of company or its size. Almost all information about a company, from aspects as mundane as daily operations to data as important as financials and other private information, is now stored mostly in an online database. According to IBM, 62% of all cyber-attacks target small and mid-sized businesses. Not having cybersecurity, or lacking cybersecurity liability insurance, is not only a dangerous practice, but it is simply not an option. There are various ways that lacking cybersecurity protocols puts your business at risk.

One major negative impact of not having cybersecurity liability insurance is the massive amount of possible data loss and the chain effect this can have on the rest of the company. Possible outcomes of data breaches include the stealing of company assets, documents, or financial information, sending employees into a stressful frenzy to remedy the situation, and halting much of the company’s business operations and productivity until the issue is resolved. Frequently, their entire IT infrastructure and critical systems are disabled to investigate the attack and recover the lost data. Without a proper cybersecurity protocol, this could take months, leading to irrecoverable damage to the company. For example, in 2017, the Spanish telecommunications company Telefonica was attacked by a ransomware breach, leading to its IT department temporarily shutting down all computer and VPN systems to limit further damage.

Once security has been breached, a variety of private data can fall into the hands of those with malicious intent, including that of the company’s clients. This means names, addresses, phone numbers, emails, and even financial information, leading to identity theft. If a client knows that a company failed to protect their personal information, they will be extremely unlikely to do business with them again due to loss of trust, which can develop into a negative public reception extremely quickly once the situation becomes publicly known. Negative reception leads to severe financial loss for the organization at fault, even with proper damage control. A clear example is the 2017 Equifax data breach, in which over 140 million people were impacted and in total cost $380 million in compensation funds. Some businesses may even face bankruptcy after a cybersecurity attack.

Following a data breach, a company’s reputation and financial situation are likely already in shambles. However, this is far from the end of such consequences. It is not uncommon for them to face legal ramifications as well, finding themselves in a civil lawsuit. According to a 2003 California law, victims can sue up to $750, and a state’s attorney general can sue up to $7,500 per victim. Upon receiving knowledge of a data breach, companies are also required to notify the affected parties “without reasonable delay” and “immediately following discovery,” with failure to comply resulting in even harsher penalties. For example, in late 2018, Facebook underwent a cybersecurity attack that resulted in the unauthorized access of 6.8 million users’ personal photos and was nearly two months late in reporting the breach. As a result, the company now could now face up to $1.6 billion in personal liability fines. Having cyber liability insurance ensures that damages incurred as a result of security breaches are covered by a third party, limiting the business’s liability. Additionally, it is much wiser to obtain insurance prior to an incident than to invest in recovery services after a breach. Without this, major losses would have to be covered with the company’s own funds, causing financial turmoil and likely bankruptcy. Hence, some industries are required by law to have cyber liability insurance, such as financial and healthcare-related companies.

Navarra Insurance has experience in a wide array of industries, such as transportation, risk management, construction, energy, and landscaping. With over 30 years in the insurance business, we offer various policies to cover virtually every aspect of our clients’ needs. These policies include but are not limited to Subcontract Management, Experience Mod Projection & Rating Cost Containment, Business Fleet/Automotive Safety & Coverage, Safety/Loss Control, Contract Review, Audit Advocacy, Bonds, and Cyber Liability.