In honor of National Cybersecurity Awareness Month this October, Ryan Arnoldy shares some information on what every business and person should know to keep data protected. Why is Cybersecurity so important in insurance?: Any business that maintains data on their clients and employees has exposure and has the responsibility to safeguard that data. To better understand how Cybersecurity works we should break down how most Cyber policies are structured. The majority contain what’s called First Party and Third Party liability. First Party provides the insured, or company that purchases the policy, coverage for mitigation, or ‘cleanup costs’, associated with breach. Third Party provides coverage for legal action filed against the insured from the person or company that suffered the breach. Here’s a few quick examples: First Party • Forensic IT Review: Cost for a professional information technologist to review the nature and extent of the compromise. • Notification: Necessary and reasonable costs to provide notification of the personal data compromise to affected individuals or companies. • Services to Affected Parties: Cost to provide credit monitoring and identity restoration services to the affected people. • Regulatory Fines and Penalties: Fines that a government body would impose on you for not taking proper measures to prevent the release of information. Third Party • Data Compromise Liability: Provides coverage in the event you are sued for a breach of personal information. • Network Security Liability: Provides coverage for a lawsuit against you claiming your computer network’s security was not up to standard. In my humble opinion the expensive part comes in the form of fines and notification. Most states have laws in place that require you to notify affected individuals that their information was compromised that you will provide a credit monitoring service. Costs for this can run in the hundreds of thousands of dollars, even for a small to medium size business. Most general lability policies will not cover this. The state of Wisconsin requires notification if any of the following is obtained: • Social Security Number • Drivers’ License Number • Financial account number • DNA profile • Any unique biometric data including fingerprint, voiceprint, retina or iris image. Wisconsin requires any business that suffered a breach to notify the affected individuals within 45 days of discovery. If the breach affected more than 1,000 individuals that business must also notify the major credit bureaus an behalf of each person affected. How does Marshfield Insurance protect its members?: An assessment is provided on each commercial policy upon inception or renewal to determine the extent of your exposure. A recommendation is then made on what level of coverage would be best. We also have free online workshops developed by our carrier partners. These can help our customers understand the full extent of their exposure and the responsibilities they have. What are some basic steps people can take to protect their cyber information?: Honestly, I am amazed by the amount of personal information that people will put on their phones. The easiest way to protect yourself is to limit the amount of stuff you have on your device. Get rid of any contacts, pictures, or emails unless they’re absolutely necessary. If your phone is stolen, and all the above mentioned is on there, a hacker will look at that and know everything about your life in 30 seconds. GET RID OF IT!