“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.” – Donald Rumsfeld

Former Secretary of Defense Donald Rumsfeld’s quote is from more than 15 years ago, but certainly applies to many aspects of today’s world. In my opinion, there’s no current area of business risk where this statement holds true more than the world of data privacy and information security. The proliferation and sophistication of cyber-crime is rapidly changing and creating new challenges for business owners and individuals in our tech-savvy world. Hackers are constantly coming up with new methods to gain access to our information and attempt to capitalize on its vulnerability and market value. Attacks target companies of all shapes and sizes. Companies do their best to keep up with the new threats and fight an everlasting battle.

Below are findings from a couple of recent studies that illuminate the potential risks created by our technology and information driven world.

• The 2017 IBM and Ponemon Institute’s Cost of a Data Breach Study estimates that the average data breach costs companies $7.4 million (up 35 percent from the average of $5.5 million five years ago in 2012).
• A 2017 study between Cyence and Lloyd’s of London found that cyber-attack losses rival the scope of a major hurricane. Their extreme loss simulations estimated losses reaching $53 billion in just 2-3 days.

While there’s no replacement for robust cyber security and training programs at your organization, cyber liability insurance is proven to be a critical component of your enterprise risk management program. Not only does cyber insurance provide coverage for many of the costs associated with a cyber breach, but it also unlocks a world of valuable resources. These resources are elements of cyber liability insurance that are often overlooked and misunderstood. Many companies cannot withstand the costs and the negative consequences of these events on their own. The difference between your organization surviving a cyber breach or succumbing to its devastation could be the aide provided by breach response experts.

The development of the cyber liability insurance market has brought about a number of advantages for businesses. Terms and conditions of the cyber insurance policies themselves have been broadened significantly to provide more usable coverage within the past few years. New coverages are created as carriers and their insureds learn from breaches and as regulators pile on additional standards. Often as important as the terms in the policy are the resources the carriers and brokers provide prior to and in response to cyber incidents and breaches. There are networks of highly skilled firms that specialize in various areas of expertise. Each group of specialists provides services to help ease the burden of cyber events. Let’s take a look at a few of these specialists and how they can help you:

• Agents/Brokers — These individuals help you understand your exposure and tailor insurance programs to meet the unique needs of your organization.
• Insurance Carriers — Carriers help you transfer liability to the carrier as a third-party via insurance contract. Coverage provides balance sheet protection, and often times, policies provide access to and pay for pre-qualified breach response experts and vendors.
• Breach Coaches — These specialized attorney firms help navigate the turbulent waters after a cyber breach. You gain legal privilege by working with these firms, and they’re experts in handling cyber events and coordinating the specialists on this list to mitigate exposures to your organization.
• Computer Expert/Info Security/Forensics Firms — These are information security experts who determine the extent of the breach and provide remediation services.
• Notification/Call Centers/Credit Monitoring/Identity Monitoring Services — These are professional firms that provide services required in the event of a breach. Many of these services are required by various state and federal laws in the event of a breach.
• Public Relations — A firm will provide crisis management communications that help with loss of reputation and consumer confidence. What you say as well as how and when you say it matters.

Cyber liability insurance is an important part of an information security program and gives your organization a helping hand with the access it grants you to cyber experts. Make sure to incorporate these experts into your incident response plans and do your research on which firms best fit your organization’s needs. Planning is critical, not only to ensure events are handled properly but also to help your organization avoid additional liabilities from third parties. If you’ve planned properly, you will not be alone when an incident occurs and you will be in a better position to minimize damage. That’s right, when an incident occurs, not if an incident occurs, because it will happen.

You don’t have to go at it alone. Keep experienced allies in your corner and strengthen your team. If you have any questions on how to get started, give me a call or send an email. We’re here to help!