NFIB: More than Half of U.S. Businesses Have Experienced Cyber Attack
EDITOR’S NOTE: The following blog post was delivered by the National Federation of Independent Business
A recent survey of business executives by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re, shows that 53 percent of firms have experienced a cyber attack in the past year. Of the hacked companies in the last 12 months, 72 percent spent over $5,000 to investigate each cyber attack, restore or replace software and hardware, and deal with other consequences. More than one-third (38 percent) of the hacked businesses spent more than $50,000 to respond; 10 percent spent $100,000 to $250,000, and 7 percent more than $250,000, as cited in the survey.
The survey also shows that seven in 10 executives are concerned that data would be destroyed as a result of a cyber attack and 62 percent were concerned about equipment damage. Indeed, the most common result of a cyber attack for a business is loss data followed by business interruption.
Malware (53 percent) and viruses (51 percent) were the most common types of cyber attacks, according to survey respondents. Businesses and institutions also experienced distributed denial of service (DDoS) attacks (35 percent); ransomware (29 percent); cyber extortion (25 percent) and social engineering (13 percent).
As a result of the rise in incidents, as well of the awareness of the extent of damage a cyber attack could wreak on a business, more and more are not only purchasing Cyber insurance coverage but also increasing the level of coverage they have. The increase in the Cyber market is underscored by a 2017 RIMS Cyber Survey, which shows that organizations are buying more insurance.
Cyber Liability Insurance
Cyber coverage can be designed to respond to both first-party and third-party losses with a policy tailored to include the following:
First-Party Coverage
- Brand Protection/PR Expenses: Designed to help a business communicate to customers, business partners, and the public in response to news of a data breach in order to try to prevent and limit lost business.
- Breach of the Network: Includes both remediation expenses and notification costs to customers and/or patients whose data may be compromised.
- Cyber Extortion: Covers the ransom to a cyber criminal who accesses and encrypts data and is demanding payment to stop or prevent an attack.
- Business Income and Extra Expense: Covers lost profits and extra expenses following a data breach.
Other first-party coverages available include data restoration expenses, computer fraud, or fund transfer fraud.
Third-Party Coverage
- Breach or Loss of Data: If data is lost, this coverage will respond in the event a suit for damages is filed.
- Media Liability: As on-line information increasingly replaces traditional sources such as newspapers, TV, and radio, losses due to infringement are possible.
- Regulatory Investigation/Fines: Covers the legal, technical or forensic services necessary to respond to governmental inquiries relating to a cyber-attack; also provides coverage for fines, penalties, investigations or other regulatory actions.