The MOST important thing to understand
The need for Cyber Insurance does NOT necessarily indicate that your IT provider has failed. There are certainly ‘bad’ IT companies out there, but even the BEST Managed Services Providers (MSPs) who provide military grade, up-to-date security are subject to an employee allowing a viral intruder into the system..
85% of successful data breaches and Ransomware attacks are caused by Phishing attacks, wherein cyber crooks fool employees into clicking on a bad link or opening a malware-laden attachment. The best Filtering, Anti-Virus and Firewalls CANNOT prevent that.
IT Support LA provides ongoing user training for our clients. Even that cannot prevent breaches. At one of our clients’ office, a user clicked on a legitimate looking FedEx ‘track your package’ link which was fake - a spoofed email with an authentic logo and appropriate wording. Ransomware was immediately released into his computer. Due to our security measures, the virus was trapped within that one workstation, without an opportunity to infect the larger network. Within two hours, the computer was wiped clean, the data restored from our reliable backup system, and he was at work again.
About a year later, the same employee fell for the same type of Phishing ploy.
It is Not a Matter of IF, But of WHEN
The true test of your IT provider is what happens after the attack. Even huge infrastructures like the City of Atlanta have been crippled for days or weeks, which causes ‘open season’ on their sensitive data files. What happens once your own confidential client information is thrown out there into the community at large?
Liability. THAT’S What Happens.
So Now what? Lawsuits and heavy fines will soon be at your door. Who is going to pay? Civil litigations of this type can force Small to Midsize Businesses (SMBs) to close their doors forever. Depending on the nature of your business, you may believe you are already covered, when in fact, you may not be. For Doctors and Lawyers, Malpractice Insurance is typically found to be wanting in these areas as well.
Consult Your Insurance Agent Today
Do not take our word on this subject: We at IT Support LA are not licensed to sell or even advertise specific insurance products. What we are able to do is to alert you that this IS an issue – a crucially important one.
What We CAN Tell You: It’s Low-Cost Now, but Will Only Get More Expensive!
This is a new type of policy, and therefore still relatively inexpensive. As time goes by, payouts will advise Insurance providers’ ongoing Cost/Risk Analyses, the pricing will surely go up. With the drastic changes in business methodology we have seen due to COVID-19, the lockdowns, and the tremendous upsurge in Cyber Crime profiteering, NOW IS THE TIME to seriously look at Cyber Insurance.
This type of insurance is geared toward covering the cost of recovering from all types of data breaches, cyber attacks and frauds, and any legal claims that may arise as a result of these attacks.
Any policy particulars that address your own business situation need to be discussed with your insurance agent. We can only suggest you look at the issue – not at specific levels and coverages.
IT provider Cognizant, one of the largest global MSPs was itself a victim of a massive Ransomware attack a few months ago. While no figures are yet available concerning any ensuing fines or litigations, Cognizant estimated back in May that they expected the breach to cost them between $50-$70 Million dollars.
That amount of money lost is not closing Cognizant down. How much loss would it take to close you down?
What IT Support LA CAN Do for You
We can assess your Security measures and the reliability of your Backup systems. These are the two cornerstones of the strongest Cyber Attack Defense. For all companies in the Greater Los Angeles and Ventura County areas, with 10 or more users and at least one localized server, we will perform a FREE Network and Security Assessment and deliver you a ‘no-strings’ 10 to 15 page comprehensive report which is yours to keep, with NO obligations whatsoever.
What a 3rd Party Security Audit Does for You
You can take your FREE report to the Insurance provider, to show that you exhibit the least amount of risk involved in insuring your company. Once they see the state of your Cyber Security, and measures you have taken to make it ‘bulletproof’, it only serves to make you a highly desirable insure.
Please do not hesitate to contact your own insurance agent. If you like, we can refer you to a partner company that provides better pricing for IT Support LA clients, as they are supremely comfortable with the unequaled level of security and user training we provide. Regardless of where you look, we strongly suggest that you look into it soon.
Cyber Security Insurance Q & A
Q: How much does cybersecurity insurance cost?
A: That depends on the specific types and coverages a business owner contracts for. We can only give averages based on industry statistics, but insurance requires licensing, and as a Managed IT Services provider, IT Support LA cannot legally give anything that could be construed as a quote – except for items related to the IT support and services industry.
According to a recent report by AdvisorSmith, the average cost of basic cyber insurance in the state of California is $1,430.18 per year, but you need to talk to your Insurance agent, and it would be wise to consult with your IT services provider to sort through policy particulars in terms of types and levels of coverage based on their knowledge of cyber-attack statistics and your own specific vulnerabilities. And make no mistake – even the BEST Managed Services Provider cannot prevent every attack. An untrained employee can read an innocent-looking email and either click a link or open an attachment that unleashes an attack on your system.
Q: Are some businesses compelled to have cybersecurity insurance?
A: No – it’s not like automobile insurance, but that does not mean it’s a choice that should be taken lightly. If your company handles client data, from payment/credit cards/banking to personal medical information, the liabilities – both from government penalties and fines and customer litigation - incurred by a Data Breach can put Small and Mid-sized Businesses (SMBs) into bankruptcy. Even if an SMB survives the suits and fines, once word is out that it mishandled and exposed client data, the ensuing damage to its reputation will, for some time at least, severely hinder the company’s growth and expansion goals.
If your company is a government contractor, there are stringent Cybersecurity measures that must be in place. The government requires its own agencies AND contractors to comply with the standards in the Cybersecurity Framework set forth by the National Institute of Standards and Technology (NIST), and strongly encourages its contractors to carry cyber insurance, but does not require it in writing. As to whether insurance could be a factor in the contract bidding processes, it may be – but that is also not in writing. It may be safe to presume that the government does not want its contractors to be sued out of business in the middle of a government funded project.
Q: Can anyone buy cybersecurity insurance?
A: Certainly, and the insurance brokers and carries will be happy to take the money. It is necessary that businesses of almost any size carry it – although, for example, a gardener working out of his or her pickup truck may not need it as much as a sole-proprietor CPA working out of his or her home – the gardener does not deal with Personally Identifiable Information (PII), whereas the CPA most certainly does. Theoretically, no hacker is going to perform a data breach to find out a consumer’s lawn-watering schedule. There’s no call for that on the Dark Web, where valuable data is bought and sold.
Q: Can you buy cybersecurity insurance without a broker?
A: A few cyber insurance providers will sell directly to the public while most require the purchase through a broker or agent – much the same way you don’t go to the nearest Ford plant for a car - you go to your local dealership. While this practice is not the same as ‘White Label Services’, where a third party sells the original provider’s service under their own ‘label’, using brokers relieves an insurer of the expense and infrastructure of maintaining a retail sales force.
Reinsurance News provides a list of the Top 20 insurance carriers who underwrite cyber risks – some will provide quotes online, but defer to a broker or agent for the purchase, while with some you must contact a broker just to get a quote.
Q: Does cybersecurity insurance cover noncompliance?
A: There is no blanket answer to this. Just as there are different types of compliances, there are certainly varying levels and types of insurance coverage. In California, coverage of this type only has to do with noncompliance with regulations put forth in the California Consumer Privacy Act (CCPA), which affects general Cybersecurity, whereas different professions such as legal have compliances within their own industry that must be met.
Noncompliance penalties can be quite substantial, ranging from $100 to $750 PER INCIDENT – so if you have a data breach effecting 100 clients, you stand to be fined between $10,000 and $75,000, depending on the severity of the noncompliance, based on a range from an inadvertent error toa willful disregard for regulations.
The business suffering the breach is liable. Even if the breach were to be determined to be the fault of the IT support and services provider, the CCPA will not go after them, or even look at that situation – any remedies or legal action would be between the IT support firm and the business breached.
In the final analysis, go over your policy with your insurer to establish whether noncompliance is covered – and to what degree. This is similar to an automobile accident – insurers will look closely at who caused the accident, and the amount covered may depend on the percentage of culpability assigned to the insured.
Q: Does cybersecurity insurance cover fraud?
A: Some policies may, but Computer Fraud Insurance is a separate category, which insures against losses of either monies or securities through the criminal use of a computer. This sub-category is not new – it has been available for many years under the umbrella of most standard Crime Insurance policies which, in the broadest sense, protects the policy holder from losses resulting from any type of crime committed against them.
If a cyber crook empties your bank account after stealing your legitimate account number and password, many banks will not reimburse you for your loss, and this type of theft is not within the purview of the FDIC. Your only recourse is a Crime or Computer Fraud policy.
Your New and Redefined IT Experience Begins with a FREE Consultation.
Give us a call or schedule online today!