Cyber risk watchdog Advisen reports that very few companies have invested in Cyber Liability Insurance, which means that the vast majority of your clients are unprepared for the cost of a data breach.
Advisen's research shows that only 20 to 25 percent of companies with more than $100 million in revenue have invested in this coverage. That percentage dwindles to single digits for small- and medium-sized companies. Why should IT consultants be concerned about low rates of Cyber Risk Insurance?
- Data breaches, security incidents, and cyber attacks are extremely expensive.
- Companies without insurance will have to pay out of pocket.
- Businesses will likely sue their IT contractors to make up for the financial losses they've suffered.
Your client's lax risk management can end up hurting you. When you make a risk management plan for your own financial risk, you'll have to take this into consideration.
Why So Few Businesses Have Cyber Liability Insurance
The truth is that many of your clients still don't understand cyber risk, and some mistakenly assume that data breach damages are covered under a General Liability Insurance policy. In 2011, Sony learned just how wrong that assumption is.
When the PlayStation network was hacked due to a Java vulnerability, Sony thought that these damages would be covered by a GL policy – they weren't. After a long dispute with its insurance company, Sony ended up paying the $2 billion in data breach costs out of pocket.
On the flip side of the coin, Home Depot was wise to invest in a Cyber Risk Insurance policy. As we reported in "Data-Breach-Related Lawsuits Show the Benefits, Limitations of Insurance," when Home Depot's credit card system was hacked, the company was fortunate it had a Cyber Insurance policy, which paid for $100 million in losses.
Though these examples are of larger retailers, the same lessons apply to your small business clients. Many of your clients will underestimate just how expensive a data breach can be and mistakenly assume that these costs are covered by their other business insurance policies.
IT Consultant Risk Exposure: What Insurance Covers Tech Companies?
When businesses don't take their data security seriously and underinvest in insurance, it's a recipe for disaster for the IT consultant.
If your clients are hacked, your business could be sued for damages related to the incident, including lost profits, damage to the client's reputation, and IT repair costs. So how do you cover these risks? IT consultants should do three things:
- Educate your clients about cyber risk and help them improve their data security training.
- Get clients to invest in Cyber Risk Insurance or add a Cyber Insurance rider to their General Liability Insurance.
- Invest in Errors and Omissions Insurance (also called Professional Liability Insurance) to cover your own company.
Errors and Omissions Insurance can pay for lawyers to defend your company and cover the "damages" you owe your clients to make things right.
This coverage is especially important because so few of your clients actually have their own Cyber Liability Insurance policy and could be unprepared for the cost of a data breach. You might not be able to convince clients to spend more on data security, but you can make sure you're protected from data breach lawsuits. For more information on E&O Insurance, see our sample insurance quotes for IT professions.