Most firms believe that they will have a cyber-attack in the next year. According to Travelers 2018 Risk index over 52% of businesses consider it inevitable that they will be a cyber victim.
What types of information do you store about clients, vendors and employees? What would a Data Breach releasing personal data such as dates of birth, social security numbers, driver’s license numbers, credit card information, medical records, legal records, accounting records, tax records and/or other information entrusted to the organization cost your firm? Release of this information by an organization can open up the organization to violations of HIPPA, Gramm-Leach-Billey Act, or other state privacy legislation. Most states impose notification responsibilities on firms that have released personally identifiable information.
Some of the excuses we hear as to why Cyber Insurance is not purchased are:
1. It costs too much. While that may have been true in the past, the cost of Cyber/Data Breach Insurance has dropped dramatically.
2. The application is too complicated/and or takes too long to complete. Again in the past 2 years the applications have been simplified. Many of the questions asked on the cyber applications are excellent control questions that Law and Accounting Firms need to pay attention to in order to help prevent a Cyber Attack or Data Breach.
3. My Malpractice Insurance will provide coverage. While your malpractice insurance policy may provide some coverage against 3rd party malpractice lawsuits that resulted from a data breach, it will not respond to your 1st party duties that many firms have due to state and federal regulations. Without Cyber Liability/Data Breach Coverage the firm responds on their own. These responses can be costly. One start-up had their website hacked and the fraudulent credit card charges ran into the hundreds of thousands of dollars. Credit monitoring and notification costs can easily exceed $100,000 depending on the size of the breach.
4. My Business Owners Policy will provide coverage. Again, it may respond to certain types of data breach or cyber-attack claims, it may not provide much coverage for a Ransomware attack. If equipment is made unusable or records destroyed, the firm could be on their own to restore those records and respond to the attack. One law firm felt that they lost over $750,000 of billings due to the extended outage and recovery period.
5. It will not happen to my firm. Denial of the inevitable does not make it not happen.
Contact Me Today
Lee Norcross, MBA, CPCU
Managing Director, CEO
(616) 940-1101 Ext. 7080