It’s no secret that most people don’t like insurance. You are paying high premiums for something you hope you never need, and most of the time you don’t ‘need’ it – but when you do, you’d better have it.

It’s not uncommon for business owners to say, “I already have insurance, and I pay good money for Managed IT Services. Why do I need extra Cybersecurity insurance?”

Is cybersecurity insurance necessary?

While supplemental Cyber insurance is not mandatory, it is wise to have, unless you are that rare professional business that handles no client information or processes no payments. It is an important extra measure in protecting yourself from the legal fallout that you may be subjected to in the case of a security breach.

Any unauthorized intrusion into your network constitutes a security breach – whether it’s an outright data theft, or Ransomware attack. The enforcement arm of the California Consumer Privacy Act (CCPA) investigates security breaches and imposes fines and penalties. The penalties for violations may not look that big at first glance: $100 to $750 per consumer per incident (the level of penalty is determined by the level of negligence), but bear in mind – those fines are for each incident.

Hackers don’t break into your system to steal one client’s personal information – they breach your network to steal ALL of your clients’ information. Including dormant or former clients, how many clients do you have in your data system? While this number can vary depending on the type of industry, everyone has client information – even your landscape gardener will at least have hundreds.

As a conservative estimate, let’s say your company houses data for 200 clients. Now let’s do some math:

Low penalty:      200 x $100 = $20,000
High penalty:     200 x $750 = $150,000

How prepared is your business to foot that kind of bill?

While not typically required for industries operating under additional regulatory requirements, those regulatory agencies can levy harsh fines and penalties in addition to federal and state consumer standards. Supplemental Cybersecurity insurance is a MUST for companies which are regulated by industry-specific agencies. The most common of these are:

HIPAA - Healthcare
CMMC – Government contractors
PCI – Credit card/payment processing
FINRA – Finance and securities

What is the role of IT support?

It depends on the type and quality of IT services you use. Unfortunately, within the IT Support Los Angeles community, the quality ranges from excellent to horrible. There are two main models in which IT services are offered:

1) Managed Services Providers (MSPs).
This is the most reliable model, and even though quality can vary, there is a benchmark of services required to use the MSP title. Typically, everything - unlimited onsite and IT HelpDesk, 24/7 remote monitoring and next-generation security – at a minimum, is included for a monthly retainer fee.

2) Break/Fix: The most unreliable model, which is highly populated with inferior, unqualified practitioners. These ‘IT guys’ get paid by the hour and simply put, when something breaks, they come out to fix it. There is no impetus to fix things quickly or permanently – they need to generate billable hours, and they are not generally proactive with security matters – unless it breaks.

Remember that not even the BEST IT support in the world can prevent an end user from falling for a phishing scam and releasing malware into the system and enabling a system breach. That’s the reason we at IT Support LA strongly urge every business to adopt an ongoing program of Security Awareness Training.

What is used to protect data?

There are a few tools to use, but the #1 is encryption: automatically encoding your data in cryptography. When accessed for work, it appears in plain English, but if stolen, it’s unreadable. IT Support LA insists on this practice for all clients.

In addition, all the usual steps should be followed:

Backup & Disaster Recovery Plan – backups should be non-local (cloud).
Strong passwords
Secure remote connections
Security Awareness Training
Anti-virus, firewall and malware protections
Secure Wi-Fi
Employee access management

Frequently Asked Questions

Q: What are the types of cyber insurance?

Just like any insurance coverage, specifics apply. Choose what you need and be sure it’s included. Wikipedia offers a simple breakdown of the different types HERE. The types include:

Network Security
Theft and fraud
Forensic investigation
Business interruption
Reputation insurance
Computer data loss and restoration
Data restoration

Q: What does cyber insurance actually cover?

Policies vary, but the essential element of Cyber Insurance is that it covers the customer’s cost involved in security failures, from the actual system recovery to legal fees, fines and consumer liability. When choosing a supplemental policy, be very certain it covers you in the way you expect.

Q: What is the average cost of cyber insurance?

It varies with the amount/type of coverage and the state. According to AdvisorSmith, the average cost in the US is $1,485 per year. Not so much when you look at the fines and penalties. With a serious breach, the fines, penalties, and ensuing litigations can put even a healthy company out of business.

Q: How do I get cyber insurance?

Call any business insurance company or broker and they will be more than happy to help you out. If you trust your current insurance agent, then that should be where you start (if you don’t trust them, get a new agent). Your agent should know your business, and an honest broker won’t load you up with coverages that you really don’t need. Many small and non-complex businesses may only need additional data breach coverage, which can typically be added to your General Liability insurance or Business Owner’s policy.

Seek out the experts

IT Support LA is not a qualified insurance agent, but we do know about fines, penalties and the bodies and regulations concerning industry compliance so what we can do is point you in the right. We cannot advise on a specific coverage or policy, but we can educate you on what you need to ask of a qualified, licensed insurance agent. What we CAN do is assess the quality of your network security.

How secure is your network?

We offer a FREE, no-risk Network and Security Assessment. No strings, no obligation.

Just fill out the form on this page or call us at: 818-805-0909