There has been an ongoing fight over how to define employees for the past few decades. As technology has re-shaped the workforce, this fight has gotten more intense. State and federal governments have struggled to set clear lines dividing independent contractors from employees for a number of purposes, including taxation and the application of workplace benefits. These benefits and taxes add on average 20% to 30% to the cost of hiring and paying a worker.
More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance market place grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
How much would it cost your business to shut down for a week? How much would it cost your business to shut down for a month? Employees unable to get work done, unable to complete sales orders or deliver products to your customers? For some businesses, the answer to that question can be in the millions.
The clash between the stringent privacy requirements of HIPAA and the known vulnerability of most cyber systems creates a host of anxieties for most modern medical care providers. The Health Insurance Portability and Accountability Act requires that medical providers and insurers take reasonable precautions to ensure that the medical information of their patients remains private. At the same time, it is increasingly apparent that almost all cyber information systems have at least a few vulnerabilities, even if only through their users, and few systems can withstand a dedicated, concentrated cyber assault.
Wire transfer fraud claims resulting from cyber attacks have increased dramatically over recent years, and companies are losing millions of dollars in these attacks. As is common when a new business risk develops, organizations look to their insurance policies to help cover their losses. As we have shared in previous examples, the coverage is not always adequate.
The extent of coverage for a company that has been a victimized may be sparse, and the costs of any breach are ongoing. Consequences of a fraudulent wire transfer depend not just on the specific wording in the policies a business has purchased, but as seen in the following instances, also being upheld differently in different states.
Social engineering attacks continue to represent a significant attack vector on U.S. businesses. The frequency and cost of these attacks keep increasing. Businesses need to protect themselves or they could be facing large losses. While people tend to view hackers as computer whizzes exploiting technical flaws in software code, the reality is that over 95% of attacks focus on exploiting human weaknesses, not technological ones.
Class action lawsuits present numerous challenges for both defendants and harmed parties. The costs of such lawsuits and the situations in which lead plaintiffs bring them often mean the only ones that benefit from them are the attorneys on both sides of the aisle. While legislators seek to remedy some aspects of class litigation, these suits continue to expand. Recently, they have expanded into the area of cyber crimes and data breach litigation.
Many businesses remain hesitant to purchase cyber insurance policies. Studies show fewer than a third of a businesses within the United States have specific coverage for their cyber risks. Yet losses resulting from those risks can easily reach catastrophic levels. This has left underinsured companies searching for unique recovery theories under their traditional insurance policies when suffering the types of losses that cyber insurance would cover.
Whether to purchase cyber risk insurance remains a big question for many companies. Recent studies have shown that only a quarter of U.S. companies currently have cyber risk insurance despite more than half of companies stating they expect to suffer a breach within the next year. These positions seem inapposite, but they appear to stem from doubts about the effectiveness and the extent of cyber coverage given its price.
Another major data breach at an American company worth billions of dollars has served to heighten cyber security concerns in businesses of many sizes in many countries. Equifax announced in September 2017 that a massive theft of data from their system had occurred. The failures of Equifax's cybersecurity team resulted in hackers obtaining the personal information of over one hundred and forty-five million of the people whose credit history Equifax tracked.