FTC Guidelines for Small Businesses
Posted in Brokerage
Author: Travis Lankerd
As of late, it certainly seems that high-profile data breaches and cyber events appear almost on a weekly basis in the news or other current event sources. Cybercrime is at an all-time high as hackers, and bad actors grow increasingly adept, and continually discover revenue streams stemming from the theft of stolen data & information. While the threat increases and the safety of consumers’ private information hang in the balance, the need for cybersecurity and risk management controls is massive for not only corporations but small business owners alike.
So – how do we improve? How can we educate so many businesses that are at risk? ‘Think Globally, Act Locally’ is the approach a large number of insurance agents and brokers have taken as their reach only goes so far. However, when an entity such as the Federal Trade Commission (FTC) praises the value of cyber liability insurance, there is hope that the broader audience may catch on.
The FTC recently published guidelines for businesses considering cyber insurance. CFC Underwriting sums up the guidelines in their article on the announcement below, but you can also view this content on their website by clicking here.
FTC Publishes Guidelines for Businesses Considering Cyber Insurance
Recognizing that cyber insurance is a valuable risk management tool but that policies can vary widely, the FTC’s list of important coverage points that they think customers should look for in a cyber insurance policy. These include:
- Access to a 24/7 breach hotline;
- Incident response costs, such as computer forensic services, legal counsel and customer notification and call centre services;
- The cost of recovering or replacing lost or stolen data;
- Income loss due to business interruption following a cyber incident;
- Cyber extortion and fraud;
- Third party coverage, such as payments to consumers affected by a breach, litigation costs, and losses related to defamation and intellectual property rights infringement.
The guidelines provide a good starting point for those businesses that are looking to buy a cyber insurance policy, and the good news is that CFC’s award-winning cyber policy fulfills them all.
However, we think it’s important to note some coverage areas that are particularly worthy of attention:
- Access to incident response support is absolutely vital for smaller businesses that typically won’t have support in-house. A good policy will generally pick up all of the costs involved in responding to a cyber incident in real time, including IT security and forensic specialist support, gaining legal advice in relation to breaches of data security, and the cost associated with having to notify any individuals that have had their data stolen. One of the most important aspects of a cyber policy is that it provides access to the right specialists as well as paying for their services.
- The importance of cover for the electronic theft of funds is becoming increasingly apparent, especially for small businesses. This area alone was responsible for 26% of CFC’s cyber claims by volume in 2018. These common scams are an incredibly quick way for businesses to lose tens, and even hundreds, of thousands in just a few minutes, so brokers and their clients should be on the lookout for affirmative cover for this.
- Similarly, cyber business interruption is now a major risk for most businesses. We’ve seen a consistent increase in the number of cyber business interruption losses year-on-year for the past five years, but there is a lack of standardisation around business interruption in policy wordings, with a wide range of different approaches being adopted by insurers. Our latest policy contains market-leading business interruption that can be triggered by both cyber events and system downtime, and covers the full supply chain.
The FTC is right to point out the value of cyber insurance for businesses. In many cases, it is one of the only ways to ensure a business’ survival of a severe cyber event, now evermore common. Today, there are a wealth of options to buyers considering this important cover. The FTC’s guidelines are a good place to start when trying to find a well-rounded policy, and we’re proud that CFC’s policy fulfills these and more.
Further resources:
- To find out what CFC’s policy covers, read our cyber policy brochure
- For an overview of cyber insurance, read our handy guide
- For more business interruption, see our three part series on the subject
In Closing…
Cyber risks will not be slowing down anytime soon and will only continue to evolve and adapt. It is paramount that business owners are educated and vindictive when it comes to cyber threats posed against their business.
Beginning with a reflection on the enterprise risk management and information security plan for a small business, considering the addition of a cyber liability insurance policy may prove to be beneficial to protecting the assets of not only the entity itself but its greatest asset – its customers. To learn more about cyber liability insurance, take a look at our recent video series. The below video is a great primer but you can dive deeper into the series by clicking here.