Here’s why and how you can avoid the cost increases due to cybercrime for your business…

Cybercrime is on the rise, so is the cost.  Cyber security underwriters are forced to dig deeper into business practices because many employees remain in a remote working position. For an insurer, the crux is business resiliency and business continuity planning.  COVID-19 has changed many things.  While insurance companies are not admitting it is a COVID exception, they are looking at sub-limiting coverage.  Underwriters are looking at the business model, and they are asking more questions using ransomware questionnaires.  Cyber security companies have been tapped to draft these surveys in their pre-underwriting due diligence.

What this means to you…

This means that you may have more limited coverage in the event of a ransomware attack if you’re not following established industry practices!

Coverage for losses associated with ransomware is available within cyber and privacy insurance policies under an insuring agreement most often termed “cyber-extortion coverage.” The items it covers include (1) monies to pay ransom demands, (2) the cost of hiring experts to negotiate with hackers, and (3) the cost of computer forensics experts who can determine how hackers gained access to the insured’s computer system and then make recommendations on how to prevent future incursions.

Unfortunately, in the actuarial world, this huge uptick in costs and claims means you pay higher premiums.  As you can see, the cost of cybercrime passes right on down to you, the customer.

And that does not address what cannot be covered by insurance–Brand damage; civil damages; and statutory and regulatory fines.

Very similar to Ohio’s Data Protection Act, a HIPAA Safe Harbor bill has been signed into law amending the HITECH Act which will incentivize covered entities’ use of industry-standard security practices to limit liability.

What can you do to limit your costs associated with cybercrime?

Just limit your liability by decreasing your risks, and therefore limiting your costs. Easier said than done, right? Maybe not. While implementing all of the potential changes can be a task, just being on the right path may be enough to protect yourself from the harshest of the rate increases all while meaningfully helping your business be more secure.

You can’t know how to get there until you know where you are. So, to start, try getting a risk assessment done. (Shameless plug: we offer those!) From there any competent risk assessment firm will give you a roadmap to achieve your goals of cyber security risk mitigation. All you need to do is take that first step!

Vanessa Harmon is an experienced attorney in the intellectual property, information technology and services industry. Skilled in Labor Law, Government Procurement, Arbitration, Trial Practice, Federal Grants Management, Data Regulations, and Legal Research..  She is a pioneer in internet law and has worked with small companies to state agencies.  Ms. Harmon is currently the Vice President of Compliance and has been with TechR2 for over 5 years.  TechR2 is the premiere end of life data destruction provider.