Cyber Liability and Privacy Breach: What Is My Exposure?
There are many moving parts when reviewing Cyber Liability Insurance and Privacy Breach. There are two main components of risk that your business may be exposed to: first-party exposure and third-party exposure.
First-party exposure means the exposure to your company or organization. Third-party exposure means exposure to third parties that you do business with.
Questions to ask yourself to establish what your first-party exposure is:
- What non-public, personal information do we have in our system or in paper form?
- How mission-critical are our computer system, the internet and our phone system to our business?
- How long could we operate if we could not access the internet?
- Is our computer security up to date? Have all employees downloaded all of the most recent software updates?
- Do we use credit cards to transact business?
Questions to ask yourself to establish what your third-party exposure is:
- Do we communicate with our clients, suppliers & vendors electronically?
- What would happen if we infected our clients', suppliers' or vendors' computer systems with malware?
- Do we house any third-party non-public personal information in our computer system, such as SIN, health cards, credit cards, or medical or dental records?
Once you have identified what the risks and exposures are to your business, the next step in the process is to establish an appropriate risk response.
Risk response planning comprises four components: Avoidance, Mitigation, Transfer and Acceptance.
Avoidance – You know there is a risk, but you really aren’t prepared to put much time, effort or resources into a response to the exposure.
Mitigation – You mitigate the cyber exposure by, for example, making sure your computer system is up to date with the best security available. You might also establish an employee computer policy, which could include denying access to certain websites, educating staff about the dangers of opening emails from unknown senders, and backing up data on a daily or more frequent basis.
Transfer – You transfer the risk to an insurance company via an appropriate Cyber Liability/Privacy Breach Insurance policy.
Acceptance – You develop risk financing methods to address the exposure. However, acceptance usually relates more to physical and liability risk exposures such as putting funds aside to deal with physical damage to owned automobiles vs buying physical damage coverage from an insurance company… or putting money aside to deal with “slip and falls” on your premises vs including this in your general liability insurance.
An experienced insurance broker can help you identify the Cyber Liability and Privacy Breach exposures your company or organization is facing. They can also help you purchase the appropriate insurance policy to respond to these exposures. This is very specialized insurance, so make sure you are dealing with an insurance broker with expertise in this area.