Amanda, only four months on the job as the new risk manager of a large manufacturing company, was walking into a crisis management meeting with the company’s senior leadership. The issue was serious: the company had suffered a data breach.
When she entered the conference room, heated discussions were already underway. As she sat down, Frank, the CEO, turned to her.
“Amanda, IT has discovered that we are experiencing a Malware attack as well as a denial of service attack,” he said. “The end result is that a virus is preventing several of our systems from functioning. Clients can’t log into our website to place orders. The malware attack has damaged some important manufacturing equipment. We won’t be able to complete a number of orders as promised. And this equipment will probably have to be replaced. Finance feels this is going to lead to business income losses.”
“Even worse,” he continued, “word has gotten out and clients are already calling to ask what we are going to do. The legal department advised this can’t be good for our image with the public. Last but not least, IT advised that large amounts of critical company data have been damaged. IT estimates they should have both the malware and denial of service attacks neutralized in a few days, but the damage is done. As our risk manager, we want you to take lead with this. What should we do?”
In a calm voice, Amanda stated, “I was concerned this might happen. This is why one of my first steps as risk manager was to purchase a cyber insurance policy with a range of coverages.” She pulled out copies of the policy and passed it around to everyone in the meeting.
“Our policy covers computer attacks caused by denial of service attacks as well as malware attacks. And our form provides coverages for public relations expenses, loss of business income from a computer attack, as well as systems and data restoration costs. In short, this policy should really help us to mitigate the costs and consequences of this data breach. And the coverage should also help us repair and restore our damaged systems and data. I’ll contact our carrier.”
Frank looked at Amanda. “Well done, Amanda. That is what I call good risk management.”
Having cyber insurance coverage is essential for businesses. In fact, a recent study shows that 50 percent of small businesses will suffer a data breach. And a new report shows that the average cost of a data breach is estimated to be $3.5 million. But simply buying cyber insurance isn’t enough. It’s buying the right policy with the right coverages! What if Amanda had purchased a cyber policy that didn’t cover malware attacks? What if their policy didn’t pay for the cost to restore damaged data?
When you’re considering a cyber insurance policy for your business, talk to your independent insurance agent to assure you’re getting the needed coverages to handle a variety of cyber risk scenarios.
The policy coverages described above are in the most general terms and are subject to the actual policy exclusions and conditions. For specific coverage details and policy exclusions, refer to the policy itself or contact an independent insurance agent.