I keep reading and hearing about cyber-attacks on big companies like Target and Home Depot and started to wonder if this could happen to a small company like mine. Is there some way to cover these incidents with insurance? If so, can I afford to purchase such a policy?
There is an axiom in the business consulting business that there are two types of organizations: those that have been breached and know it, and those that have been breached and don't know about it - yet. Of course you may believe you are in a third category: those that have not been breached yet. It could happen today.
Maintaining security of electronic systems and the private information therein is a huge concern these days. A breach of your systems and loss of private information is only one type of "cyber exposure" faced by your business. Here are some examples of incidents that could cause you some financial heartburn:
- A hacker gains access to customer information stored on your server, including credit card numbers. Federal and state laws, as well as genuine concern for your customer relationships, require you to notify customers affected by the breach, provide credit-monitoring services, pay expenses and losses incurred by customers, respond to media inquiries about the breach, determine what led to the breach and fix the conditions that allowed the breach to happen in the first place.
- An employee sends a customer an e-mail attachment containing a virus that destroys the customer's computer system. The customer sues you for damages caused by the virus transmission.
- A competitor sues you for alleged financial harm incurred as a result of material displayed on your web site, including defamation, disparagement and infringement of trade dress.
- An employee opens an e-mail attachment that introduces a virus into your computer system and causes a total shut-down of your e-commerce activities for a number of days.