The Internet has opened up a world of possibilities for businesses. It has also opened up companies to more risk (from data breaches) than ever before.
E-commerce companies, by their very nature, are susceptible to cyber attacks. While large, high-profile companies (such as Target) may appear to be at greater risk, small-to-medium-sized businesses are not immune. According to a recent study by the U.S. Secret Service and Verizon Communications, Inc., over 72 percent of all data breaches occurred in small-to-medium-sized businesses.
Most eCommerce companies have worked hard to minimize cyber risk, including becoming PCI compliant. But that doesn’t alleviate all risk. So how can eCommerce companies lower the risk of liability?
Business Operating Policy (BOP) Insurance
“Every eCommerce business should have a Business Operating Policy (or BOP). The cost is consistently about $500 for a year of coverage, so it’s not terribly significant. This will cover the basic liability for your business, including a home-based business,” offers Scott Scharf, Owner of Catching Clouds LLC, a company specializing in helping multi-channel eCommerce sellers grow their businesses by providing them with current, accurate, and actionable financial information about their businesses. But a BOP may not be enough. “Liability for loss of customer or employee data is not typically covered under a BOP,” notes Scharf. “If you are an eCommerce business, you should have Cyber Liability insurance that covers a wide range of cyber threats. Companies can work with their current insurance broker but should consider getting a quote from a broker that specializes in Cyber Liability insurance.”
What is Cyber Liability Insurance?
Cyber liability coverage is insurance coverage for liability that arises out of unauthorized use of, or unauthorized access to, electronic data or software within your network or business. Cyber liability policies also provide coverage for liability claims for spreading a virus or malicious code, computer theft, extortion, or any unintentional act, mistake, error, or omission made by your employees while performing their job.
Policy premiums are primarily based on your industry. For example, if you are an eCommerce company doing online transactions and storing data such as credit card information, you are considered high risk for a data breach and thus subject to higher premiums.
How to Reduce Premiums
As with a “good driver” discount, insurance companies will take into account the extra security practices you implement to lessen the likelihood of a data breach. Extra security practices include:
- Provide strong password protection for servers, apps, cloud services, databases, tablets and laptops.
- Conduct regular risk assessments to reveal hardware, software and individual site vulnerabilities.
- Create a written IT security policy that identifies critical assets and defines policies for physical security, account management, and backup and recovery among other areas.
- Leverage firewalls, virtual private networks, anti-virus and anti-spam software and secure mobile solutions to secure network access and mobile devices.
The bottom line: Security is a big part of running an online business, and using cyber insurance can help to cover some of your potential liability.