Is your business “Cyber Liable”? Probably.
We don’t want to scare you, Halloween being over and all, but we were talking about “Cyber Liability” the other day- and thought that, if you own a business, you should know this stuff.
If your business does ANYTHING on the web, then you run the risk of being held liable. And, if you think your general liability policy will cover you in the event you are hacked, skimmed, or caught by a phishing scheme, you just might have another think coming. Most general liability policies will NOT cover you in these situations. So, you owe it to yourself, your employees, and your customers to have a chat with your insurance adviser and find out what your business is, and is not, protected against.
But my shop doesn’t hold on to personal information like that, so I’m okay, right?
Not necessarily. For example, if you have employees, then you probably DO hold data on them (in fact it would be hard to see how you wouldn’t). If that data is compromised, then you could be liable.
Also, while you might use a vendor to process & store information about your customers, they are legally the “data holder” NOT the “data owner”—that would be you, and that means you might well be liable in the event of a breach.
Maybe you only process credit card information, but don’t store it? That data could still be skimmed (intercepted and stolen while in transit) and stolen by sophisticated cyber criminals. We recently read a story about a small shop that found a tiny electronic device hidden under the counter – it skimmed data for the better part of a year, stealing the identities of hundreds of customers from this business. They were not happy, and sued the owner for damages.
The US Government has found that it takes over 400 hours just to undo ONE identity theft. They also estimate that it costs a hacked business about $194 per record to fix a breach. This is the kind of time and money that a small business owner cannot afford. In addition to that, both States and the Federal Government are starting to hold businesses legally responsible for data breaches. This means that your business could face additional expenses and obstacles should you fall victim to cyber crime.
We could go on, but do we need to? If you have any doubts about your coverage, it’s probably a good idea to sit down with your local insurance agent and find out where you might be exposed.
