ROC Weekly Management & Mindset Segment
Is Cyber Security Insurance Worth It For Your Rehab Center?
Most businesses are vulnerable to cyber attacks. Anyone who collects data as part of their business operations is at risk. There are many ways a cybercriminal can access your information. Computers, phones, gaming systems, and smart devices are all potentially susceptible to a cyber attack. These attacks can cause significant losses in a variety of ways, including data loss, business disruption, lost productivity, regulatory fines, and brand or reputation damage.
Cybersecurity insurance, or cyber liability insurance, helps protect against losses caused by cyber attacks. This typically includes first-party, third-party, and cyber extortion coverage. Depending on the provider and plan, you may also have access to policy add-ons, such as crime policies (i.e. workplace theft) and device cover (i.e. protecting cell phones).
Who needs cyber security insurance?
Businesses need cyber insurance if they handle or store:
personally identifiable information (PII) such as social security numbers
customer or internal financial/payment data
medical information
A business is vulnerable to cyberattacks whenever it:
accepts payments online
accepts credit card transactions
communicates with customers online or via voice over internet protocol (VoIP)
stores personal information electronically
transfers documents electronically
would be harmed by ransomware and a business interruption event
What does cyber security insurance cover?
Here is a list of the aspects typically covered by cyber security insurance:
Remediation assistance: This refers to all legal fees associated with responding to threats and recovering lost funds, and any reputational damage because of poor security practices.
Business Interruption: Costs associated with interruption to standard operations, such as lost productivity from limited access to an integral computer system and the time investment for remediation and data recovery.
Data breach notification: As soon as you learn there has been a compromise of sensitive customer information, you notify everyone involved immediately, including clients who might get hit with identity theft, banks, and government agencies if medical records are involved.
Technology Errors and Omissions (E&O): This is third-party liability coverage for cyber risks introduced by your business to another business.
Breach containment: Breach containment helps limit the damage by quarantining affected computers and locking them down to prevent further intrusions.
Network security audit coverage: This addresses software vulnerabilities found during an audit, including patching and updating systems that hackers might exploit, data breaches, business email compromise, and ransomware.
Third-party indemnification: If a hacker steals your data or malware infects your network and damages other entities, then your insurer would pay those victims on your behalf.
Privacy Liability: This includes the costs of regulatory investigation and remediation following the leak of sensitive personal information.
Credit monitoring: These monitoring services help in case compromised data makes its way into underground markets, like the dark web.
Defense costs: An insurance policy will help cover recovery expenses after a hacker attacks your website or network for nefarious purposes, like ransomware.
What is not covered by cyber security insurance?
While each policy differs, here is a list of aspects that cyber security insurance typically won’t cover:
Property damage
Subsidiaries outside your control, including any incident experienced by a subsidiary
Intellectual property losses
Business interruption from systems under the control of third parties
Prior acts or knowledge, such as claims you had knowledge of before coverage
Criminal proceedings, including criminal action, a criminal investigation, or grand jury proceeding
Preventative measures (i.e. backup and recovery software)
Intentional acts by your employees
Considerations for cyber security insurance
To help ensure you understand the policy you have and aspects of policies you are comparing, here is a list of considerations you can make:
Coverage limits: A coverage limit means that the company is responsible for the rest of the financial burden once the limit has been met. Understanding the financial realities of cyber risk can help you to assess coverage limits.
Unprotected assets: Certain assets and types of attacks may not be covered by your policy. It is important to understand what events you are most at risk for to see which policy is best for you.
Terms and definitions: Be sure to have a full understanding of what is included in coverage, and be sure to seek explanations for vague terms to accurately assess the level of protection of a policy.
Third-party liability: Cybersecurity issues that affect your suppliers or partners can also affect you. Likewise, problems within your own network may spread to others. It is important to understand whether a policy covers you when the attack comes directly or indirectly.
Exclusions: Be sure to have a full understanding of exclusions or terms that invalidate your coverage. Even minor details can compromise coverage.
Security requirements: As a policyholder, you may be required to maintain a certain level of protection and maintain baseline levels of data security. Failing to do so can invalidate a claim. Taking the necessary precautions might also help you get cheaper rates.
What to do if you are compromised
If your computer or device is infected with ransomware, the FBI recommends the following:
Isolate the device and remove it from your network to prevent it from attacking other computers, devices, and access points.
Isolate or power off devices and computers that have not yet been completely corrupted.
Immediately secure your backup data or systems by taking them offline.
Change all online account and network passwords after removing the system from the network.
If available, collect and secure partial portions of the ransomed data.
Delete registry values and files to stop the program from loading.
Contact law enforcement, such as a field office of the FBI or U.S. Secret Service, to report a ransomware event and ask for assistance.
Consideration: The costs associated with meeting the mandatory data breach reporting requirements of GDPR, CCPA, PIPEDA, and similar data security and privacy regulations alone make cyber coverage a priority for many businesses. Insurance will always be less expensive than what you’ll pay yourself in the event of a breach, especially when you factor in business downtime.
Tip: Cybersecurity insurance is not a substitute for solid cybersecurity measures, as it only covers what you already have set up. Prioritize strong processes and procedures, then protect them with insurance.
If you are interested in joining the ROC community, please complete this form for consideration: https://tinyurl.com/5btxe39z