Everyday there is another WikiLeaks purported release of new e-mails or data hacked from some organization. Most recently their favorite target has been the Democratic Nation Committee and Hillary Clinton. While WikiLeaks appears to have gotten their information from the Russians, the data breaches are not always from an external source.
Mossack Fornseca’s Panama Papers exposure of over 11.5 million client documents appears to have been an inside job. You do not have to being secretly helping the rich and famous in hiding money to have your firm not only embarrassed, but subject to large 3rd and 1st party damages. All you need is one disgruntled employee with opportunity, motive, and access to be able to disclose your firm’s client’s most confidential information.
Neither of the above cases appears to have theft of money as the primary motive. It was meant to embarrass the organization.
Or if you organization is impacted by a Denial of Service Attack, such as what occurred with Dyn. In this case it appears that easily obtainable software was used by some disgruntled gamers. What if the attack was directed at your organization or a vendor you use daily making your software systems unusable. How well does your organization function in this day and age without its computer systems?
Many cyber experts state that it is not a question of “if” an organization will have a data breach or cyber-attack, but “when”. What would a Data Breach releasing personal data such as dates of birth, social security numbers, driver’s license numbers, credit card information, medical records, legal records, accounting records, tax records and/or other information entrusted to the organization cost your firm? Release of this information by an organization can open up the organization to violations of HIPPA, Gramm-Leach-Billey Act, or other state privacy legislation.
Some of the excuses we hear as to why Cyber Insurance is not purchased are:
1. It costs too much. While that may have been true in the past, the cost of Cyber/Data Breach Insurance in the past 2 years has dropped dramatically.
2. The application is too complicated/and or takes too long to complete. Again in the past 2 years the applications have been simplified. Also many of the questions asked on the cyber applications are excellent control questions that Law Firms and Accounting Firms need to pay attention to in order to help prevent a Cyber Attack or Data Breach.
3. My Malpractice Insurance will provide coverage. While your malpractice insurance policy may provide some coverage against 3rd party law suits from malpractice claims that resulted from a data breach, it will not respond to their 1st party duties that many firms have due to state and federal regulations. Without Cyber Liability/Data Breach Coverage the firm respond on their own.
4. My Business Owners Policy will provide coverage. Again it may respond to certain types of data breach or cyber attack claims, it may not provide coverage for a Ransomware attack. If equipment is made unusable or records destroyed, the firm will be on their own to restore those records and respond to the attack.
5. It will not happen to my firm. This is kind of like when you tell the teacher that “my dog ate my homework”. You did not really believe the story nor did anyone else.
L Squared Insurance Agency has access to many different Cyber/Data Breach Insurance programs that can be tailored to fit your needs. Contact us today, as tomorrow may be too late.
Contact Me Today
Lee Norcross, MBA, CPCU (616) 940-1101 Ext. 7080 |