Is your business prepared for a cyber loss? Does the business transmit or store sensitive or confidential electronic data? Is the data encrypted? How and when are records backed up? How secure is the point-of-sale equipment and online card processing? Would downtime from a breach of computer systems result in lost business revenue? What would happen if someone gained unauthorized access to your website or your online (financial or otherwise) accounts? And does your business have cyber insurance coverage?
Cornerpoint helps businesses mitigate cyber risks by developing formal policies and procedures and incident response plans.[1] We also draft contracts, indemnity agreements, and disclaimers concerning the handling of sensitive information, provide advice on legal compliance, and advise on appropriate cyber liability insurance coverage.
Twenty years ago, most small businesses did not have to worry about managing cyber risks. But as technological developments have exploded, so has reliance on electronic data, computers, and the Internet, and hackers, cyber extortionists, and other criminals have kept pace with the advancements.
Headline-making cyber attacks are usually those that target big corporations – the more people who are affected, the more likely the event is “newsworthy.” Inconsistent and generally weak disclosure laws, which vary by state, call into question the accuracy of cyber breach statistics. Nonetheless, there is general consensus that cyber risks to small businesses are increasing. According to Symantec, in 2015, small businesses with fewer than 250 employees were the targets of 43% of all phishing attacks,[2] up from 18% in 2011. The chances of a phishing attack against a small business were 1 in 40. Additionally, Washington ranks second nationwide in identity theft complaints.[3]
Cyber risks can come from within business operations. A lost phone or laptop that stores accessible company data lands in the wrong hands. A click on a phishing link in an email or pop-up installs a malware program. Cyber risks can also come from outside operations. Unauthorized access to a vendor’s email account allows access to confidential company communications. A cyber attack shuts down or holds hostage a website.
Businesses may suffer intangible property loss, or face liability from customers or other stakeholders. The damage from a cyber attack may include theft of company data (including intellectual property) or employee personally identifiable information (PII). Or, it may result in paralysis of the business’s operations, or an expensive and extensive period of technical investigation and restoration. If a data breach results in unauthorized access or potential access of customer PII or other proprietary information, then notification, credit monitoring, and legal costs can quickly add up. The business’s reputation might never recover.
Standard commercial and businessowners property and liability insurance typically does not provide cyber liability protection or meaningful reimbursement for losses arising out of damaged computer networks, data breach, and cyber extortion. Some businesses may elect optional coverage that can be added to an existing policy, while others may benefit from a separate cyber insurance policy.
Attorney Stacia Hofmann is certified in Cyber Risk Management (2016) by the American Institute For Chartered Property Casualty Underwriters.
The materials provided on this website and on social media, including but not limited to Facebook, Twitter, LinkedIn, and Google+, are for informational purposes only and are not guaranteed to be correct, complete, or current, and should not be relied on as legal advice. Every business’s circumstances are different and no results are guaranteed. Cornerpoint Law does not provide accounting, engineering, or information technology services, but may recommend that your business consult with qualified professionals in those fields. Furthermore, patent law, environmental law, and bankruptcy law are not included in Cornerpoint Law’s practice areas, and Cornerpoint Law refers those legal services to other attorneys.
1. We do not offer information technology (IT), computer science, software engineering, or other related cybersecurity services, but encourage businesses to employ or consult with these technical experts.
2. In 2015, large businesses were the targets of 35% of phishing attacks, and medium-sized businesses only 22%.
3. According to the Federal Trade Commission for the year 2014.