We recently received an inquiry from a long-time client who asked for a summary of our insurances. Normally, this is a regular function of vendor management due diligence by those clients we support in regulated industries – since we are a key vendor that they rely upon, they want to be sure we have adequate coverages in place to protect ourselves, reducing the likelihood an unforeseen event irreparably damaging our ability to continue to conduct business, protecting themselves by association. However, this particular inquiry came with caveat “…so that if we have an issue how we can be compensated through your carrier”.
There is a fundamental factor in this question that needed to be addressed at the outset – our cyber liability insurance covers us – our clients need to have cyber liability insurance to cover their data. While we work to protect, detect, respond, and recover data for our clients, all risk of loss is held by the owner of the data. Our clients own their data – we own our data. Therefore, regardless of the services Suite3 may provide, if a client has a data loss incident, the loss is the client’s to bear.
Because we understand the risks and likelihood of an incident which affects our own data, we increased our cyber liability coverages in the fall. However, our insurance agent said that no more than 20% of the commercial liability clients they work with protect themselves with a stand-alone cyber liability policy.
We are firm believers in having barn doors closed before horses have a chance to get away.
The news is littered with cyber security stories, but unfortunately, they usually only focus on enterprise-level events like the SolarWinds Orion or Colonial Pipeline. However, these events happen at businesses of all sizes, demonstrated by five recent cyber security events experienced by clients in March and April. An event will happen to you, and it’s not a matter of if, but when.
As a result, Suite3 recommends all organizations have separate stand-alone cyber liability insurance policy and we encourage you to talk to your insurance agent about the appropriate coverages for our organization.
Different insurance carriers have different requirements, so it’s critical for your business to obtain professional advice of a qualified insurance agent of your choosing.
All risks involved in maintaining cyber security are held by the data owner. For all business data leveraged by an organization, that risk is maintained by the organization. Suite3 is here to guide and advise, but is not responsible for assuming any risk regarding my data.
If you’ve had a policy for a while, be aware that changes occur over time. Talk to your agent, and be sure the coverages in place are appropriate for the current cyber security landscape.