Cybercrime is an ever-increasing threat to businesses across the globe. Once confined to fairly rudimentary hacking attacks, cybercrime today is an increasingly sophisticated effort on the part of a growing international community of criminals to engage in systematic intellectual property theft, business interruption and cyber-extortion. And no one is immune.
Consider these examples from this year alone:
- In June, cybercriminals successfully hacked into the ground computers at Poland’s Warsaw Chopin airport, grounding 1,400 passengers and 20 outbound flights.
- In May, a sophisticated syndicate of hackers broke into the database of the U.S. Internal Revenue Service using the IRS “Get Transcript” app. The ring attempted to access the tax returns of 200,000 taxpayers and got away with about half. They then used the information to claim 15,000 tax refunds in other people’s names.
- On April 8, a cyber assault took the French TV station TV5Monde off the air for 18 hours. The attack has since been linked to a Russian hacker group known as APT28, which previously tried to hack into the computers of the White House.
- In February, cyber criminals hacked into the database of Anthem, Inc., one of the country’s largest insurers, and got away with the private information of an estimated 80 million consumers and employees. The thieves obtained access to names, addresses, dates of birth, Social Security numbers, employment information and income data.
According to Allianz Global Security, the estimated cost of cyber crime to international businesses in 2015 will be $445 billion, about half of which will come from the four largest global economies – China, Japan, Germany and the United States.
Governments Respond with Strict Laws and Penalties
In the United States, the Federal Trade Commission, the Federal Communications Commission and state and local governments have the ability to impose fines and penalties against businesses that are victims of cybercrime. Additionally, the U.S. Department of Health and Human Services and the U.S. Attorney General have authority to impose significant penalties against companies that breach HIPAA privacy laws.
The governments of Singapore, Japan and Australia also recently enacted laws that impose stiffer penalties against companies that fail to enforce cybersecurity, and the European Union is about to follow suit.
Private lawsuits against companies that allow data breaches, however unintentionally, are also commonplace. Just last month, Sony Pictures settled a second class-action suit connected to two large cyber crimes that occurred in 2014. The company’s damages in the cases could reach $23 million.
Cyber Insurance May Decrease Your Business’ Liability
Traditional business liability policies and property and casualty insurance do not protect your business from financial loss in the event you and your customers are victims of a cybercrime. As a result, a new form of insurance, cyber insurance, is beginning to emerge. These policies typically cover financial losses that stem from a cyber-attack, including insurable losses due to:
- Civil fines or penalties imposed by a governmental agency and arising from a regulatory action
- Any civil fine or financial penalty payable to a government entity that was imposed in a regulatory proceeding by the FTC, the FCC or any other federal, state, local or foreign governmental entity.
- Claims expenses, such as attorneys’ fees, document preparation and other legal costs
However, the question of which damages are insurable is still open to debate. For example, most business liability insurance policies exclude coverage for punitive damages or penalties for willful misconduct. Additionally, state and local governments may define certain types of penalties and fines as statutorily “uninsurable,” in order to make sure that the business or entity that is found liable for a security breach foots the bill.
Defense and investigative costs, on the other hand, typically are not subject to the question of insurability.
In today’s increasingly interconnected world, no business, no matter how small, is immune to a cyber attack. A single email sent to the wrong address, outdated software on an office computer or unencrypted data stored on a cellphone are all open invitations to cyber thieves. Don’t wait until you’re facing regulatory penalties or a consumer lawsuit. Contact a business insurance expert to discuss your needs today. Call us at 516-292-3780, Monday through Friday from 9 a.m. to 6 p.m. to set up an appointment, or request a free consultation online today.