About two weeks ago, I started receiving messages from my friends that someone had hacked my Facebook account because they were receiving “friend requests”. Technically, someone had “cloned” my account and not hacked it because the naughty person didn’t have access to my personally identifiable information.
What this person did was the equivalent of taking a picture of me and telling others that they were me. If they had “hacked” me they would have the ability to do things like open credit cards and loans in my name. While it doesn’t seem like cloning would be an issue, since it’s like using a two-dimensional picture, there is still a possible cyber liability exposure.
Imagine that you and I have a business type of relationship and Cloned Me contacts you and because you think that it’s the Real Me, you provide them with sensitive information that they are able to now use to access your personal information. The Cloned Me cleans out your bank account and goes on an Amazon shopping spree.
Do you have a liability? Possibly, and that’s where the protection of cyber liability insurance comes into play. Even if you are not held liable, you will have to pay for the legal expenses incurred to defend you as well as deal with repairing your reputation. Both of these exposures can be covered by a Cyber Liability Insurance policy.
There is more to cyber liability than just a “breach” or “hacking” Many small businesses believe that if they don’t have a website, or they are using someone else’s platform (such as Facebook or Instagram), then they don’t have a cyber liability exposure. The following examples show how a cyber liability exposure can exist just through email and not from a website or online platform.
Your vehicle is broken into and your laptop is stolen. This laptop had the ability to access your customer management software which has the confidential information of your clients on it.
An employee inadvertently downloaded a destructive computer virus onto the company’s network resulting not only in data loss for your company, but it was also transmitted to a client’s network system and they sustained complete data loss as well.
Someone posing as your payroll provider requested that you set up a new account due to them upgrading their system. They then had access to all of your employee’s data and were able to open credit cards in the names of your employees.
You send a PDF attachment to a client with wire transfer instructions. The next day, the money is not in your account and when you contact the client, they let you know that they wire transferred the funds an hour after you emailed them. The PDF that you sent was intercepted, the wire transfer instructions changed, and the money is now in a foreign bank account.
If you use the internet, you have an exposure.
The average payout for cyber liability claims for a small to medium sized business is $345,000 while the average cost for a ransomware attack for a small to medium sized business is $485,000. I don’t know about you, but my small business can’t afford that size of a loss even if you removed a couple of zeros.
You are probably reading this and thinking that you are too small for a cyber criminal. Well, who do you think cyber criminals practice on? Cyber criminals start with small business because a small business traditionally doesn’t have the same amount of money invested in protecting their systems that the companies like the casinos and Target do. Cyber criminals learn to crawl by attacking small businesses before they start running after the big businesses.
These examples are intended to help explain the coverage issue. All claims will be evaluated by the carrier for final determination.