Cyber Liability Insurance is one of the biggest issues we deal with at Founder Shield.  The vast majority of our clients are either straight tech startups or they’re leveraging technology to make their product or service scale.  I think we can all agree that it’s probably impossible to run a startup these days without a website, which itself exposes companies to cyber liability.  And beyond that, almost everyone collects some form of personal information, whether it be through the use of cookies, a client portal, or even a simple contact form…I mean how else are you going to drive conversions without at least a semi-personalized experience?

The point is that it’s really easy to expose yourself to Cyber Liability through a data breach that leaks your customers’ or leads’ personal or confidential information.  This much should not be surprising, but what may be surprising are the circumstances under which most of these breaches occur.  The following graphic (courtesy of the Ponemon Institute) shows what I’m talking about:

[Image: data breach chart, courtesy of the Ponemon Institute]

A little scary, right?  When most people think Cyber Liability, they picture Tom Cruise dropping down through the air ducts in some elaborate scheme, when in reality, most companies these days get slapped with a lawsuit after an employee accidentally leaves his/her laptop in a cab or forgets to log out of your CMS on an untrusted network.  Now there are certainly steps to prevent this type of breach (written company policies re: info security, enforcing a “clean desk” policy, auto-logout features…), but it’s near impossible to completely prevent it.

Another thing to note is that laws have been changing in this area with regard to what information is considered “personal” or “confidential.” In some states (cough, cough…CALIFORNIA), recording and retaining a simple email address can open a company up to liability.

The bottom line is this: if you’re dealing with customer/lead info in any capacity, have processes in place to protect that info.  And then double down on those processes for a second layer of protection.  Make sure your IT infrastructure is secure, and make sure that any 3rd parties you deal with are contractually required to have the same or greater levels of protection.  Once you have safeguards in place, then it’s time to talk to us about cyber liability insurance for your company.
