What is cyber security?
Cyber security is the process of protecting an organization’s network and computer systems from the unauthorized access and use for the purpose of stealing or destroying vital company information or individual personal identification information and personal health information.
Why has cyber security become such an important topic for businesses?

• The top three causes for a data breach are:

1. Lost or stolen computing devices.
2. Third-party snafu.
3. Unintentional employee action.

• Average time to notify data breach victims is approximately seven weeks.

What is the impact on an organization when a breach occurs?

• When an organization experiences a breach there is an instant loss of customer loyalty and confidence.
• An organization is now in damage control mode to protect its brand and reputation.
• Employees are forced to divert their focus from core activities to crisis management.
• There are unnecessary and lingering expenses like credit monitoring, litigation expenses and potentially fines.

How can an organization protect itself?
There are three main components to protecting your business.

• First is to implement a risk management process that includes having a documented risk assessment and response matrix, a clearly defined response strategy with defined roles for all team members, and a communication plan.
• Second is to ensure the organization is compliant with state and federal laws, rules and regulations like HIPAA, FACTA and breach notification laws.
• Third is to purchase a cyber-liability policy that covers both 1st and 3^rd party losses. These policies cover losses that are excluded from general liability and umbrella policies.

What kind of coverage can be purchased?
There are four types of coverages an organization can purchase.

•  Network Security/Privacy Breach – This covers liability from unauthorized access to digital records and negligence or failure to protect or safeguard confidential data.
• Cyber Extortion – covers the threat to incapacitate your network or website.
• Internet Media liability – covers claims of libel, slander, copyright infringement or other electronic advertising or personal injury.
• First Party Internet Liability – this is business interruption coverage that provides for loss of income and extra expenses due to a network or system shut down.

The types of coverage needed for each organization will vary depending upon the existing exposures and your appetite for risk. We recommend that every organization sit down with their advisor to discuss employing a risk management strategy.
 
Article by Jill Webb, Vice President of CB Insurance, Colorado Springs. See Jill and her colleague, Todd Morris, present at this month’s Entrepreneurial Corner event.