Q: What is the definition of cyber insurance?
A: Cyber insurance covers the risk of a data breach as a result of online activities and the use of electronic storage technology. You may be liable for costs incurred by customers and other third parties as a result of a cyberattack or other IT-related incident.
Q: What is cyber insurance coverage?
A: While policies vary, cyber insurance is designed to protect a business or organization from:
- Liability claims involving the unauthorized release of information for which the organization has a legal obligation to keep private or confidential, such as employee, patient or customer records.
- Liability claims alleging invasion of privacy.
- Liability claims alleging failure of computer security that results in alterations of data and defense costs.
- Data Response Services, including legal, computer forensics, notification services, credit and identity monitoring products and crisis management expertise, and the reimbursement to the insured for certain out-of-pocket expenses.
Q: What is a data breach?
A: A data breach occurs when secured information is released to or accessed by unauthorized individuals. The lost data may be employee personnel records, customer financial accounts, or business trade secrets. The incidents pose serious risks for organizations as well as the individuals whose data has been lost or disseminated.
Q: How do data breaches happen?
A: Data breaches can occur by accident or be intentional:
- Exploiting system vulnerabilities. Out-of-date software can create a hole that allows an attacker to sneak malware onto a computer and steal data.
- Weak passwords. Weak and insecure user passwords are easier for hackers to guess, especially if a password contains whole words or phrases. That’s why experts advise against simple passwords, and in favor of unique, complex passwords.
- Drive-by downloads. You could unintentionally download a virus or malware by simply visiting a compromised web page. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.
- Targeted malware attacks. Attackers use spam and phishing email tactics to try to trick users into revealing their credentials, downloading malware attachments, or visiting vulnerable websites. Email is a common way for malware to end up on your computer. Avoid opening any links or attachments in an email from an unfamiliar source. Doing so can infect your computer with malware.
Q: What data or information do businesses need to secure?
A: Most businesses generate vast amounts of data that is stored and available on their electronic storage network systems and that may be subject to certain privacy laws:
- Personal information:
  - Personally identifiable information (PII): name, address, date of birth, telephone number, email address, Social Security number, zip code, biometric data.
  - Protected health information (PHI): healthcare-based treatment information, medical history, health insurance information, including member identification numbers.
- Corporate information: intellectual property, business, contracts, attorney-client privileged information.
- Payment cardholder information (PCI): credit/debit card data, including account numbers, security codes, insurance account information, etc.
- Cyber-based data: web browser history, cookie information, metadata, and IP addresses.
Q: Why consider cyber insurance?
A: A cyber insurance policy augments and supports the business's efforts to recover in the event of a cyberattack. It provides access to expert resources and financial support through the investigation, notification, recovery and post-recovery activities related to a data breach event.