Why You Should Have Cybersecurity Insurance

Until they need it, most people don’t like insurance. You are paying high premiums as a hedge against something you hope will never happen. Most of the time you don’t ‘need’ it – but when you do, you had better have it.

It’s not an uncommon sentiment among business owners that they already have insurance, and pay good money for either internal IT Support or outsourced Managed IT Services - so why the need for extra Cybersecurity insurance?

Why do people need cyber insurance?

It is wise to have supplemental cyber insurance even though it is not mandatory - unless you are in some type of professional business that handles no client information or processes no payments. It is an important measure in protecting yourself from the legal fallout that a data breach may bring your way.

A data breach is an unauthorized intrusion into your network – whether it’s a Ransomware attack or outright data theft. The enforcement arm of the California Consumer Privacy Act (CCPA) investigates security breaches and imposes fines and penalties. The penalties for violations may not look that serious at first glance: $100 to $750 per consumer per incident (penalty amount is determined by the level of negligence) but bear in mind – those fines are for each incident.

Hackers don’t breach your system to steal one client’s personal information – they breach your network to steal ALL clients’ information. Including dormant or former clients, how many clients do you have in your data system? While this number can vary depending on the type of industry, everyone has client information – even your landscape gardener and swimming pool cleaner will have it.

Let’s say your company network houses data for 200 clients. Now let’s do the math:
Low penalty:    200 x $100 = $20,000
High penalty:    200 x $750 = $150,000

How prepared are you to foot that kind of bill?

Regulatory agencies can levy harsh fines and penalties in addition to federal and state consumer standards. Supplemental Cyber insurance is a MUST for companies regulated by industry-specific agencies. The most common of these are:
HIPAA – Healthcare
CMMC – Government contractors
PCI – Credit card/payment processing
FINRA – Finance and securities

What to expect from IT support?

It depends on the type and quality of IT services you use. Unfortunately, within the IT Support Los Angeles community, the quality ranges from excellent to horrible, because anybody can open an IT company – no licensing (aside from a basic business license) is required. There are two main models in which IT services are offered:

1) Managed Services Providers (MSPs): This is the most reliable model, and even though quality can vary, there is a benchmark of services required to use the MSP title. Typically, everything is covered: unlimited onsite and 24/7 remote monitoring and repair. Next-generation security should be included, with everything covered for a monthly retainer fee.

2) Time & Materials (Break/Fix): The most unreliable model, which is highly populated with inferior, unqualified practitioners. These ‘IT guys’ get paid by the hour and, simply put, when something breaks, they come out to fix it. There is no impetus to fix things quickly or permanently – they need to generate billable hours, and they are not generally proactive with security matters – unless it breaks.

Not even the BEST IT support in the world can prevent an end user from falling for a phishing scam and releasing malware into the system and enabling a system breach. That’s the reason we at ITFirm.com strongly urge every business to adopt an ongoing program of Security Awareness Training.

How do I protect files and data?
There are a few tools to use, but the #1 is encryption: automatically encoding your data using cryptography. Data appears as readable plain text when accessed for work, but if stolen, it’s unreadable by the thieves. ITFirm.com insists on this practice for all clients.

In addition, all the usual steps should be followed:
Backup & Disaster Recovery Plan (part of a Business Continuity Plan) – local and cloud backups
Strong passwords
Secure remote connections
Security Awareness Training
Anti-virus, firewall and malware protections
Secure Wi-Fi
Employee access management

Frequently Asked Questions

What are the types of cyber insurance?

A: Specifics apply, just like with any insurance coverage. Choose what you need and be sure it’s included. Wikipedia offers a simple breakdown of the different types. The types include:
Network Security
Theft and fraud
Forensic investigation
Business interruption
Extortion
Reputation insurance
Computer data loss and restoration
Data restoration

What does cyber insurance actually cover?

A: There are various policies with different levels of coverage, but the requisite element of Cyber Insurance is that it covers the customer’s costs arising from security failures, from the actual system recovery to legal fees, fines and consumer liability. When choosing a supplemental policy, be very certain it covers you in the way you expect.

What is the average cost of cyber insurance?

A: Depending on the amount/type of coverage and the state, the costs can vary. According to AdvisorSmith, the average cost in the US is $1,485 per year. When you look at the fines and penalties, that doesn’t seem like much money. With a serious breach, the fines, penalties, and ensuing litigation can put even a healthy company out of business.

How do I get cyber insurance?

A: Call any business insurance company or broker. They should be more than familiar with cyber insurance (if they aren’t, move on to one who is) and will be happy to help you out. Your current insurance agent should be where you start. Your agent should know your business, and an honest broker won’t load you up with coverages that you really don’t need. Many small and non-complex businesses may only need additional data breach coverage, which can typically be added to your General Liability insurance or Business Owner’s policy.

Seek out the experts
ITFirm.com is not a licensed, qualified insurance agent, but we do know about fines, penalties and the bodies and regulations concerning industry compliance, so what we can do is point you in the right direction. We cannot advise on a specific coverage or policy, but we can educate you on what you need to ask of a qualified, licensed insurance agent. What we CAN do is assess the quality of your network security.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
