On May 22, 2015, FBI consultant John Iannarelli addressed the security threats facing small businesses. “The cybercriminal is the 21st-century purse snatcher and pickpocket rolled into one,” he said. He then outlined three reasons why small businesses are particularly vulnerable to cyberattacks:
- Customer data and other information is easier to access.
- Small businesses have fewer financial and IT resources with which to protect themselves.
- PCI compliance won’t stop a data breach.
The threat from overseas hackers, former and current employees, business partners, and even negligence and human error is real for propane marketers, whose technology assets are often more valuable than their property assets. And yet, a recent independent survey reveals chat only 12% of propane marketers have any kind of cyber liability coverage. A remarkable 69% of those surveyed also felt that their company’s exposure to a breach will only increase in the next cwo years.
A security breach can be incredibly expensive. If a data breach occurs at your business, you can expect to pay up to $188 for each personal record compromised.
In addition to the unnecessary headaches, the costs of recovery can include:
- Notifying affected parties and providing free credit monitoring services;
- Hiring an attorney, a computer security expert, and a crisis management or public relations specialist;
- Setting up a toll-free phone number to field questions and concerns;
- Paying legitimate claims against your company and penalties from regulators.
Recently, I talked to a propane marketer in California who was the victim of cyber extortion. His laptop-which contained all of his accounting files and employee information-was simply hacked one day, out of the blue. He opened a suspicious email and his whole computer screen went black. Then a window opened, telling him to send $1500 to a post office box for a code to reopen his computer. A panicked call to the police didn’t solve the problem. A detective advised the propane marketer not to send payment, but the businessman lost his data and had to purchase a new laptop.
Simple training exercises and proper coverage can save the day. While the threat of cyber extortion, credit card fraud, Internet payment theft, and data breaches loom large, propane marketers can do a lot to minimize their risks. It starts with educating your employees about the actions they can take to protect company data, and signs to look for that indicate a potential security breach. If the marketer from California I mentioned earlier hadn’t opened the suspicious email, for example, he wouldn’t have lost all his data.
Proper cyber liability insurance is another simple thing you can do to protect your business. It’s available from many insurance companies, and premiums are about $840 for a company with annual revenues between $2.5 and $5 million. It’s a small price to pay for cyber security.
One caveat: Beware of insurance companies that throw in cyber liability coverage as an afterthought to a property and casualty policy, or as an incentive to buy a “package policy.” Add-on cyber liability coverage can provide false hope for recovery, as it usually doesn’t properly insure against a cyber breach. For example, I recently reviewed a data compromise and identity recovery coverage policy that didn’t cover any fines, penalties, or costs to correct deficiencies, nor did it cover any threat, extortion, or blackmail.
Another problem with attached coverage is that your entire package premium could go up at renewal if you have to make a cyber liability claim. I strongly recommend that every propane marketer buy stand-alone cyber liability coverage from a company that knows the ins and outs of this type of insurance-and knows how to help you if you become a victim. Cyber liability insurance should include coverage for:
- Claims expenses and penalties for regulatory proceedings;
- The expense of properly notifying individuals of a data breach, providing credit monitoring for affected parties, hiring a computer security expert and obtaining specialized legal advice;
- Damages and claims related to your online media activities, ranging from defamation and libel to copyright infringement;
- Crisis management and public relations expenses;
- Threat, extortion, and blackmail.
Frank B. Thompson, CPCU, MBA, co-founded PT Risk Management in 1993 to help solve many property and casualty risk issues he saw in the propane industry.