The evolution of technology to become consumer-facing, followed by the real embracing of consumer smart phone technology had a lot to do with raising peoples awareness of data and privacy issues. But anyone who deals with technology, or has been for many many years dealing with security, has always been aware of the importance of keeping people out of the data that they are not supposed to have access to.
So this concept of privacy and data security, is not really new to anyone, it is simply in vogue, right now to speak about it. Fifteen years ago those of us who have been aware of the risks of data, were the "Chicken Littles" of the world. We ran around telling anyone who would listen that, the sky is falling and we have to do something about data security issues and take ownership of the fact that we have "Care, Custody and Control" of other people’s data.
If someone drops their suit at the dry cleaner they trust you to take care of their property, and if someone supplies you with their personal identifiable information they expect you to “care for it”.
So the Department of Homeland Security of the U.S. Government came up with 16 Areas that they refer to as "Critical Infrastructure" ... Examples would include: Agriculture, Transportation, Energy. Financial services is also on the Critical Infrastructure List and that includes and involves all of us ... business esthat house, transfer and create customers personal and financial data. So the way the Federal Government looks at it, we Have Had a responsibility, it is not a new one, we have had it as part of the critical infrastructure of the United States to protect our customers for years.
Fast forward to today, when we speak with clients and they ask us, do I need cyber-liability coverage insurance, we ask them this question:
- “Do you have customers?”
- “Well then that qualifies you..”
The second question we ask them is:
- “Are you part of the critical infrastructure, one of those 16 areas?”
- “Then you have not only a moral obligation but a federal obligation to protect and keep whole, your responsibilities to the country. And the country has regulations that have “teeth” fines and penalties in regards to security.
When customers ask why their small business needs cyber insurance, I love to tell that that because even the largest organizations and the U.S. Government, who are supposed to know the most about protection, can be and have been, breached. That information should say to that that unless they have a big bucket of cash in the bank to protect themselves, post-breach, they need some sort of risk transfer mechanism. So if you need a million dollars to settle a security breach, you better have a million dollars in the bank, but you can buy a million dollars worth of protection for “x” amount in insurance coverage. Transfer the risk because one breach can put you out of business unless you have a big bank account.
For added information, simply click on the links below.