Cyber liability claims are on the rise. Recent breaches against Home Depot, Target and Walmart have grabbed media attention. However, it is not only large retailers who are targets for attack. In fact, the majority of attacks are directed to small businesses. According to a recent study, the average total insurance claim for cyber breaches against small companies is over $600,000 and the average for larger companies is close to $5 million. Are you prepared?
Despite this growing threat, many businesses and professional firms have not prepared for the consequences of an attack. According to a recent survey of nearly 900 attorneys, mid-to-large size law firms have experienced significant increases in the rate of cyber attacks. Nevertheless, of the attorneys surveyed, only 11% confirmed that they had purchased cyber liability insurance, and a majority in larger firms was unaware whether they were covered. Many of the responses indicated that cyber security is not treated as a priority. For instance, over half of the respondents of firms of over 100 attorneys were unaware if a client of the firm had ever requested a security audit.
Regulators and clients alike are becoming less tolerant of companies’ lax cyber security protocol. For instance, the SEC recently filed charges against a financial management company that lost personally identifiable information of clients, notwithstanding that cyber security firms hired by the company to investigate were unable to determine the extent of the damage and none of the victims has reported any financial loss associated with the breach.
Needless to say, professional firms who take a passive approach to cyber security defense risk exposing themselves to significant liability. To avoid exposure, firms must assess whether their current policy provides coverage for cyber-attacks. In addition firms must be proactive in working with technology companies to ensure that their security systems meet the needs of their particular practice and level of threat.