This week’s post courtesy of Keith Fuller, Commercial Lines Risk Advisor, at Smith Brothers Insurance.
An energy company executive’s laptop was stolen from a corporate vehicle. The laptop contained significant private customer and employee information. Although the file was encrypted, the overall password protection on the laptop was weak and the PIN for accessing the encrypted information was compromised.
After assessing the nature of the information on the laptop with a forensic expert and outside compliance counsel at a cost of $50,000, the energy company voluntarily notified relevant customers and employees and afforded call center, monitoring, and restoration services, as appropriate. While the additional first-party cost was $100,000, the energy company also incurred $75,000 in expenses responding to a multi-state regulatory investigation. Ultimately, the company was fined $100,000 for deviating from its publicly stated privacy policy.
Cyber exposure is growing and the cost of a cyber breach can be financially catastrophic. Fortunately there are ways you can mitigate your risk and help protect your organization. Assessing your risk and remediating vulnerabilities is one. Making sure you have the right kinds of cyber insurance coverage is critical as there is no protection that can 100% prevent a cyber attack. Some cyber insurer carriers will contribute toward proactive services or offer discounts for clients who have third-party attestation of testing
How confident are you in your answers to these questions:
- In the case of a breach, what is the limit that the current policy has to cover the cost of a breach coach?
- Tell me about how your crime policy covers the loss of money or securities in the case of a breach? (Most do not).
- How does your current procedures confirm wire transfers and double check the authenticity of any requests – including those from senior management?
- What kind of coverage does your current policy provide you for public relations costs related to a breach?
- If a breach were to occur, what support does your current carrier provide to help remediate the breach, including forensic costs to locate the entry point and identify what specific data was affected?
Don’t wait until it’s too late to find out you didn’t have the coverage you need. Make reviewing your cyber insurance coverage one of your proactive cybersecurity steps to protect your assets.