We see headlines daily about data breaches involving businesses of varying sizes across all industries, including hospitality. According to the Identity Theft Resource Center, cyber security events increased by 27% last year.
The scale and sophistication of these incidents have led many organizations to conclude that their cyber-security programs don’t match the technological sophistication of today’s attackers according to the Identity Theft Resource Center.
Data breaches happen from hackers, employees, competitors, vendors or other third parties and can be intentional or accidental. It is well documented that even the best security systems are being hacked at an alarming rate. Most recently, there has been an increase in the number of companies who have experienced a cyber breach.
Below is a suggested 4-pronged approach to minimizing cyber risk and identity theft: Avoid, Prevent, Mitigate and Transfer.
Avoid cyber risks by making sure anything sensitive is encrypted, including employees’ Social Security numbers, passwords, etc.
Prevent intruders by deploying strong firewalls and intrusion detection systems as well as developing robust policies and procedures about document handling, storage and destruction. For example, get rid of personal information in a way that can’t be recovered, such as shredding paper files and deleting personal records, and smashing or acid-bathing hard disks.
Mitigate your potential cyber risks by developing an incident response plan in advance. Don’t wait until a cyber breach occurs to create a response and continuity plan. Speak with attorneys, put in place a notification vendor, and public relations firm to mitigate the financial impact on the company. Do table-top exercises annually.
Transfer your risk by examining all vendor, cloud and partner contracts. Do liability agreements ensure that you receive indemnities from them should they cause a breach of your data? Are the damage caps too low for the potential losses? Have you demanded proof of insurance?
Cyber Liability Insurance, also known as Privacy/Data Liability Insurance, is a rapidly evolving product in today’s marketplace. In fact, Cyber Insurance is the fastest growing coverage in the insurance industry, according to the New York Times. The basic elements of a Cyber Liability insurance policy can include coverage for a number of expenses associated with a breach including legal expenses, forensics, notification expenses, regulatory fines and penalties, credit monitoring and public relations expenses according to the Identity Theft Resource Center.
Due to the increasing number of breaches, there are now a wide variety of cyber insurance policies available to market. To help identify your exposures and find the proper coverage customized for your needs, here are some tips to be aware of according to the Identity Theft Resource Center:
- Choose the right insurance advisor: The selection of your insurance advisor is a crucial first step. It’s vital that you purchase your coverage from carriers with long-standing expertise in cyber insurance and claim payout. Working with a broker with expertise in both your industry and the evolving world of cyber insurance can help you make the right decision and ensure you are in good hands.
- There is no such thing as too much coverage – make sure you purchase enough: Cyber claims can be very expensive. As revealed in the 2015 Ponemon Cost of Data Breach Study, the average cost to a company was $3.8 million, more than 15% of what it cost two years ago. Buying too little coverage is a common and costly mistake.
- Exclusions are common, understand what your policy will not cover. Cyber insurance policies can have many exclusions or options to expand coverage. It’s important to understand that you may not always be covered just because you purchased a policy. Work with your broker to understand your coverage options and limitations.
Cyber attacks are one of the fastest growing crimes in the world and most standard insurance policies do not address this exposure. Don’t leave your business vulnerable and unprotected; your insurance advisor can help you conduct an assessment to identify your company’s risk profile and find a coverage plan designed to meet the needs of your company according to the Identity Theft Resource Center.
Robert Fiorito, serves as Vice President, HUB International Northeast., where he specializes in providing insurance brokerage services to the restaurant industry. As a 20-year veteran and former restaurateur himself, Bob has worked with a wide array of restaurant and food service businesses, ranging from fast-food chains to upscale, “white tablecloth” dining establishments. For more information, please visit www.hubinternational.com.