As businesses have migrated electronically and to online platforms, our interconnected world has made us more efficient than ever.

We process more data than ever before, faster than ever before, to remain more competitive than ever before.

But those benefits are not without risks.

Business infrastructures, networks, customers, and end-users are all subject to an unprecedented level of sophisticated intruders who understand the value of accessing data. We live in a world where the terms hacking, phishing, worms, viruses, ransomware, eavesdropping, denial of service attacks, and other similar illicit actions are commonplace.

Big breaches get the headlines.

For example, in 2017, Equifax was hacked, and nearly 148 million consumers’ names, Social Security numbers, birth dates, addresses, and driver’s license information were stolen.

But every business, big or small, is at risk.

Although firewalls, intrusion-detection systems, cryptographic enhancements, antivirus and anti-spam software, and other countermeasures solve many of these problems, there is still a real and credible threat to the cyber frameworks of businesses.

In short, the target keeps moving, making it impossible to create a perfect cyber-security environment.

Still, as a business owner, you need to do everything you can to protect your critical information and minimize your financial vulnerabilities if you are a cyber information victim.

That’s why you should consider cyber liability insurance.

What is Cyber Liability Insurance?

Cyber liability insurance covers financial losses resulting from cyber events that negatively impact your business.

These impacts may include intentional cyberattacks or other tech-related risks. Coverage can protect business owners from lawsuits following an attack or costs associated with privacy and security investigations that can disrupt a business’s normal course of activities.

Cyber liability insurance can also cover legal services to help meet state and federal regulations, including notification expenses to affected customers following a cyber compromise event. State and federal agency regulatory fines are also generally covered as well as lost income from network outages.

It is recommended for most larger businesses, but small businesses, depending on the nature of their goods and services, can benefit from this type of coverage as well.

Policies vary from insurer to insurer, and most policies are flexible and can be customized depending on your needs.

Also, most policies include first-party and third-party coverage.

Here’s what that means.

First-Party vs. Third-Party Coverage

First-party coverage insures against loss to your data or income or loss of any other aspect of your business as a direct result of a cyber-attack. This may include:

• Loss of funds from theft or fraud.
• Loss of income and costs if your business activities are interrupted.
• Legal, technical and forensic services. Business owners may retain these services to determine if a breach has taken place, the extent of the breach, and how to fix the problem.
• Cyber extortion costs such as when a hacker enters your computer system and threatens to damage your data, introduce a virus, or initiate a denial of service attack unless you pay a ransom.
• Replacement costs for the physical damage to business computer hardware and software.
• Investigation costs related to threats toward your business for future data breaches.

Third-party coverage insures your business against losses that third parties associated with your business have incurred due to a directed cyber event. This may include:

• Coverage for lawsuits or settlements resulting from a data breach.
• Coverage against claims for negligent acts, errors, or omissions.
• Cost to respond to government queries into cyber attacks. This can be especially important if there is a need to retain legal, technical, or forensic professional support.
• External communications costs (notifying customers, clients, employees, etc.)
• Public relations, advertising, or crisis management responses from the data breach.
• Liability costs associated with a breach of employee or customer privacy.
• Ongoing costs for credit or fraud monitoring.

The Difference Between Cyber Liability and Data Breach Insurance

If you’re considering cyber liability insurance, you probably should be aware that there is a difference between that kind of a policy and a data breach insurance policy.

They’re similar, and both offer some of the same benefits, but they have certain limitations as well.

Data breach insurance helps your business respond if there is a PII loss (Personal Identifying Information) or PHI (Personal Health Information). This may happen if a hacker breaks into your network or an employee accidentally loses their laptop containing sensitive information.

Data breach insurance will help pay for notifying customers, employees, and other impacted parties. This can extend to hiring a public relations firm to manage crisis communications and messaging. It also provides coverage so that you can offer credit monitoring services to potential data breach victims.

Policies can be enhanced by adding riders such as business income and extra expense coverage, prior acts coverage, and extortion coverage for times when your data may be held for ransom.

As you can see, there’s overlap, but you should at least be aware that both types of policies exist. Be sure to question your insurer if they carry both so that you fully understand the coverages and exclusions.

How Much Does Cyber Liability Insurance Cost?

The short answer is…it depends.

There are several variables to consider when putting together a policy. These include:

• Coverage limits. The more complex your coverage needs are, the more you’ll have to pay. If you store a lot of data, or you’re a larger, more established business with multiple servers or other data points of contact, you’ll pay more.
• Your industry. If you run your business primarily online and face more threats, you’ll be deemed a more significant risk and pay a higher premium. Healthcare and accounting businesses tend to store the most sensitive and private information, so they are also considered at more risk and will also pay more for coverage. Companies that also engage in many credit and debit transactions or store personal information such as Social Security numbers or birth information are considered to be at more risk.
• Who has data access? If you limit who has access to your electronic records, perhaps only to senior employees or other restricted classes of employees, you’ll be considered less open to breaches, and your premium should be less.
• Existing data security measures. Just like a good driver policy, if you already have things like antivirus software or network firewalls in place, you might be able to negotiate a lower premium.
• Claims history. If you have a bad track record of data security, and that’s reflected by claims you’ve made in the past, you might be subject to a higher premium.

According to insurance industry statistics, in 2019, the average cost of cyber liability insurance in the United States was estimated to be $1,501 per year for $1 million in liability coverage, with a $10,000 deductible.

The average annual premium for a cyber liability limit of $500,000 with a $5,000 deductible was $1,146. The average annual premium for a cyber liability limit of $250,000 with a $2,500 deductible was $739.

You’ll need to check with your carrier to define your needs so that you can get an accurate quote for your unique situation.

Final Thoughts

If you want to do some research, start by talking with your insurance agent who will provide valuable advice and answer questions you’re sure to have regarding coverage and costs.

You can also do some digging online on your own. Take a look at some of the industry leaders who offer cyber security insurance such as AIG, Travelers, The Hartford, Liberty Mutual, and others.

As cyber security insurance becomes more of a mainstream business issue, there are several general insurance industry articles that are excellent sources of information as well.

You can’t deny that 2020 has upended every part of our lives, including how we work.

Working at home was already a trend before the pandemic hit. Companies are now treating this trend as a new way of doing business, and with that come many new issues.

An area that cannot get overlooked is making sure workers have the appropriate security tools and safeguards in place to protect themselves and their companies while working remotely. And, while most companies work electronically, remain vigilant to secure assets on paper.

A reshuffled working world has created new kinds of cyber challenges and vulnerabilities that must be addressed. Cyber threats are real, and there are a lot of bad actors who are always looking for weaknesses they can exploit.

Fortunately, every business owner and work-at-home employees can take steps to become a harder target for criminal activity.

20 Tips You Take to Safeguard Your Cyber Assets

1. Educate yourself. Personal computers not controlled by a company may lack the necessary safeguards to protect against cyber threats. Also, employees may not understand certain actions, such as opening a suspicious file, could create a security breach. Employees may also not have adequate anti-viral software or may not erase sensitive company information from personal devices. It’s up to both the employer and the employee to learn and engage in best practices in these areas. New policies governing work-at-home cyber protection may need to be created.
2. Create a secure technical infrastructure. To create a work environment that protects a company’s assets and employee’s actions, it may be necessary to upgrade or install a new cyber secure system that allows staff to safely work remotely.
3. Understand that employees may be “patching” workarounds to maintain productivity. There’s a lot of pressure on employees to perform during the pandemic, and some enterprising employees may create their ways of maximizing productivity. For example, this may involve transferring company data onto personal devices which could create security breaches. Policies and protections must be put in place to ensure the level of security is not compromised.
4. Implement safeguards that prevent employees from transferring company data while they are connected to the company’s network. Double down on these efforts by also investing in data leak monitoring software.
5. Create a detailed policy that clarifies how employees should handle company information loaded onto their personal computer. As an alternative, a company may provide employees with work computers or laptops with cyber safeguards already installed.
6. Review and/or update all anti-virus protection for work-related computers. Many times, these updates are pre-programmed and automatic when new updates are created. Don’t be cheap when it comes to cybersecurity, either. You’ll want software that is equipped to offer automated remote working security against several kinds of threats, including:
   • Zero-day attacks
   • Malware, spyware, and viruses
   • Trojans and worms
   • Phishing scams, including those sent via email
7. Filter out unauthorized or unnecessary access to the company’s network. Limit user privileges and restrict administrative access to a small group of employees.
8. Discourage employees from using public Wi-Fi networks, which could provide easy access entry points for hackers.
9. Work-at-home employees need to keep all family members away from their work-related computers. There is a greater chance that children will hop on the computer in cramped quarters and could create havoc for the worker.
10. When participating in teleconferences, consider investing in a sliding webcam cover. Hackers have learned how to access webcams without permission, compromising security and privacy. Webcam attacks are a real threat, and hackers may view sensitive documents in the home workspace. Covers prevent this from happening. Also, some videoconferencing software has a “blur background” feature to prevent others from spying on objects in a home workspace.
11. Create a strong company Virtual Private Network (VPN). When more remote computers than ever are connected to company resources, a strong VPN is a crucial safeguard against back door hackers. Be sure to use the strongest possible authentication method, perhaps by using smart cards. Enhance the encryption method for VPN access. Make sure employees update and change passwords regularly. Also, make sure employees are logged on via secure networks.
12. Use a cloud or server storage as a centralized storage solution. It’s a lot safer than storing files locally and creates a safer backup solution to protect against compromised, lost, or destroyed files. These storage solutions also have firewall protections built-in for an added layer of security.
13. Confirm the security of third parties. Most organizations use contractors or vendors to keep their operations running. Often that involves sharing and integrating information and data. At the very least, government agencies and tax authorities must be accessed at some point or another. When organizations assess which controls must be extended to employees to secure new work-from-home protocols, they should do the same for third-party users and connections. If third parties cannot demonstrate adequate cybersecurity measures, consider limiting or suspending interaction until they can.
14. Home networks must be secured. Creating a strong and unique password, changing the SSID, and limiting access to specific MAC addresses are steps you can take to ensure the wireless network is protected.
15. Strengthen potentially weak passwords. The Federal Trade Commission recommends: “Use passwords on all your devices and apps. Make sure the passwords are long, strong, and unique. Use at least 12 characters that are a mix of numbers, symbols, and capital and lowercase letters.”
16. For work-at-home employees who have customer account or banking responsibilities, extra care should be given to maximizing online banking activities. Use only credited software and services to handle funds. Only use platforms and software you are familiar with. If you’re unsure about a particular type of transaction, ask questions first until your concerns have been addressed. When accessing a banking website, make sure you are logged on via a Secure Hypertext Transfer Protocol. This means the URL should include https:// rather than just http:// at the beginning. You should also see a lock on the left of the URL bar of most internet browsers, indicating that website has an authenticated security certificate. Fraudsters may trick at-home employees through email, social media, or over the phone. Be stingy with giving out any banking information whatsoever.
17. To protect your company, ensure work-at-home employees have the best tools possible. This may involve providing stipends or allowances to purchase approved hardware and software to upgrade as needed.
18. Make sure incident-response protocols are in place. When cyber breaches occur, employees must know how to report them and what immediate steps to take. Speed is the key to minimizing potential damage inflicted on an enterprise. Redundant systems should also be in place and ready to act to minimize disruptions to normal business operations.
19. Do not be pennywise and pound foolish. It may cost a bit more to make sure at-home workers have a secure system but consider the alternative if they are breached.
20. Be sure email security is protected. Email is still a primary form of communication, but this form can also be easily hacked and compromised. Phishing scams are as prevalent as ever. To protect against email attacks, do the following:
    • Make sure emails can only be securely accessed via a company’s VPN. This creates an encrypted network connection that authenticates the user and/or device. It also encrypts data in transit between the user and your services.
    • If you already use a VPN, make sure it is fully patched.
    • Staff is more likely to have their devices stolen (or lose them) when they are away from the office or home. Make sure staff devices encrypt data while at rest. This protects email data on the device if it’s lost or stolen. Most devices have built-in encryption, but it still needs to be turned on and configured.
    • Instruct employees how to spot phishing attacks.

Extend Security Policies to Other Types of Records

Even with more robust technology controls and investments in security and infrastructure, employees working from home must still exercise good judgment to maintain information security. This also includes paper security.

Work-at-home employees need to make sure they have access to shredders at home or that they can access shredding bins in their offices onsite as needed. Depending on the nature of the business, other measures for hard file protection should be in place. Any secure document policy should go beyond the cyberworld and extend to paper and computer drive storage issues.

It’s incumbent for employers to set norms for the retention and destruction of physical copies, even if that means waiting until the organization resumes business as usual.

Scammers are everywhere, and they’re continually coming up with new and more sophisticated ways to separate you from your money.

Recognizing this growing threat to consumers, in 2019 the federal government earmarked $15 billion for cybersecurity issues spread out across more than 70 agencies. The funds are being used to stop government security breaches, ransomware attacks, and various types of fraud that can impact millions of Americans.

This doesn’t even come close to fully addressing the problem, but it does help to point out the magnitude of a rapidly growing problem.

Vigilance is the Key

Scammers can come at you a thousand different ways. Your identity can be stolen as part of a significant data breach. A con man could rip you off in a Craigslist transaction. A thief could insert a card skimmer in the pump at your local gas station. A phony online retail site could induce you with a “too good to be true” deal that you fall for.

That’s why you need to adopt an overall philosophy about how you protect your identity and your financial information. Develop a set of guidelines that you won’t violate under any circumstances. Don’t give out personal information over the phone. Do some digging before you buy online. Make sure the government agency or company you’re dealing with is who they say they are.

Also, check your credit report regularly and be on the lookout for bills you don’t recognize that come to you in the mail.

If you set your radar on high and let your intuition play a part in protecting you, you’ll be in far better shape against scammers who want to victimize you.

Be on Alert for These Consumer Scams

Let’s take a closer look at some of the consumer scams you could encounter.

Phishing. Phishing involves a scammer passing themselves off as a trusted entity such as a bank or mortgage company. Their goal is to mislead you into passing your personal information to them, which they’ll then use to commit crimes.

Malware. If you visit a lot of websites, sooner or later you may fall prey to malicious software loaded on your computer. The software will scan your entire hard drive for information that could end up costing you a lot of money.

The Prepayment Scam. You’re asked to pay upfront fees to process contest winnings, loans, grants, credit cards, or an investment.

The Charity Scam. You’re contacted by phone, online, by email, or regular mail, asking you to donate to a charity. This is particularly prevalent after a large natural disaster such as an earthquake or hurricane. Stick to mainstream charities such as the American Red Cross or those that have been thoroughly vetted. If you don’t recognize the organization, do your homework first.

The Employment Scam. You’re looking for a job, and you’re extended an offer, but you must first pay for job-related expenses. You could be tricked into buying products up front that you would sell once you begin the job.

Extortion. This is particularly heinous because it involves threatening your life or the lives of your family members. Vulnerable populations are often at risk, including seniors and undocumented immigrants, among others.

Identity Theft. Thieves pose as you using your personal banking information such, Social Security number, or credit card info. These types of identity theft are far reaching and include opening new accounts, making purchases with your information, obtaining medical coverage, filing tax returns, and countless other ways.

The Military Scam. Fraudsters may pose as a member of the armed forces and solicit you for donations for their fake cause.

The Lonely Hearts Scam. With the rise of online dating, you could meet someone online, fall prey to their smooth-talking charms and end up having your bank account emptied before you know it.

The Social Media Scam. Hackers will access your personal information on Facebook, Twitter, Instagram, and other platforms and use what they find to rip you off. They may also be able to access personal information from the people in your network or make highly targeted pitches for money to friends and family.

Telemarketing Scam. If you don’t screen your calls, unscrupulous telemarketers could contact you with “free if you buy today” or “extremely limited time” offers. This high-pressure squeeze tactic can have the unsuspecting transferring money or giving up personal information.

The Children’s Social Security Card Scam. Thieves can obtain the Social Security numbers of children who don’t have any credit history. Their credit reports are seldom monitored, and a scammer can do a lot of damage before any irregularities are discovered as the child gets older.

The Mortgage Scam. Distressed homeowners are often targeted with foreclosure rescue scams, phony loan modifications, and equity skimming. And worse, actual real estate and mortgage professionals may take part due to their intimate knowledge of the home loan industry. It’s easy to get fooled.

Debt Collection Scam. A fraudster may call you posing as a collection agency to collect a debt that you may or may not owe. They may threaten you or put pressure on you threatening legal action to get you to reveal your account information as a means of settling.

What to do if You’ve Been Scammed

Report it. Don’t feel embarrassed if that there’s no hope of recovering what you lost. Scammers hope you’ll think that getting your money back is futile. Don’t fall into this trap. Reporting a scam helps law enforcement officials establish accurate statistics. In turn, this provides direction on where to devote resources. Spotting trends also makes it easier to alert other agencies on what to look out for. Many criminal enterprises extend throughout the country and internationally. If you’re not sure where to start, call your local police department for direction.

Match the enforcement agency to the crime. Some scams are local in nature; others can have far-reaching geographic implications. For scams involving goods and services, start with your state attorney general’s office or state consumer protection agencies. If you’re a scam victim that violates federal law, then you can go to a national enforcement agency. Start with the Federal Trade Commission or the FBI’s Internet Crime Complaint Center. If you are a victim of identity theft, the FTC has a separate website to assist you. For financial crimes, go to the Financial Industry Regulatory Authority to file a complaint.

Accept that you are a crime victim. Do not beat yourself up for feeling gullible. Highly sophisticated thieves have scammed millions of Americans. Focus on taking productive steps going forward, including shoring up access to your personal information. Become a hard target, and it’s more likely bad guys will move on. Work with friends and family to make sure they don’t become victims as well.