“Liability” Is An Action Word, Not Just A Concept

Teaching our children right from wrong has always been a major responsibility for parents, I believe. Once our precious little toddlers reach a certain age, it is time for the often painful (and often loud) practice of showing how “actions have consequences.” Understanding individual accountability for choices made has been a popular topic recently. Sometimes it becomes annoying that these scenarios occur daily from childhood to adulting. Why can’t every day just be fun and easy? For business owners, accountability takes on an even deeper burden, and that is liability. “Liability” is an action word, not just a concept.

“I’m Sorry” Is Not The End of an Acceptable Response, Just The Beginning

From Merriam-Webster, “liable” is defined as obligated according to law. From Oxford Languages, “liability” means the state of being responsible, especially by law. The keyword in both of these explanations is—law. America is a nation of laws, and we are proud of that. Our laws are the underpinning of our society. But “by law” can also be sort of scary, and for a business, it is critical to know how current laws protect you and bind you at the same time. If a business holds certain information about its clients as a result of commerce, then that business is obligated to keep that information confidential. Common sense dictates why some personal information should be protected. Federal laws mandate specific information be kept confidential or penalties can occur if not. These days, starting with “I’m sorry” is just the beginning of a long and potentially painful process to make things right after a malicious cyber-related event.

The Good News: Cyber Liability Insurance

Hope for the best but plan for the worst. This is the bedrock reason for insurance. Once computers and company networks became a part of everyday transactions, cybercriminals became an ever-present threat. Cyber liability has evolved fairly recently over the last couple of decades. Cyber liability, or cyber risk insurance is a financial product that allows you to transfer the costs involved with a recovery from a cyber-related security breach. Such policies can also respond to liability claims and ancillary expenses that follow. Cyber insurance usually covers: data loss, recovery, and recreation; business interruption, loss of revenue because of the breach; cyber extortion, loss of transferred funds, and various forms of computer fraud. It can also cover civil damages (usually class action suits), credit monitoring for customers, and reputational damage (brand aversion that occurs after personal data is stolen).

Sounds Great, Right?! But Here Is The Kicker

There are key exclusions to cyber risk policies. You are not covered if you are sued for potential vulnerabilities in your system prior to the breach. This is the primary reason I keep asking if you know how well your data is protected. Also, you are not covered by insurance for the costs to improve your technology and systems after a breach. And—social engineering attacks are considered special cases and are not automatically included. An example of social engineering is one where an employee is manipulated by fraudulent emails to provide passwords or send money, and this is not considered a computer breach. So we are back to essential and ongoing employee training as a primary defense against cybercriminals. And yes, there will be a deductible.

My key advice to you: buy cyber liability insurance based on coverage and not on cost. It is the right thing to do based on how much confidential customer information you store (Social Security numbers, driver’s license numbers, names, addresses, etc.) If you are not sure how well your system is currently protected or how much you should spend on cyber risk insurance, give us a call at Aptica. We have a local and reputable insurance agency we can refer you to – Gabe Monger at Source One Insurance. We also include employee training in our managed IT services because prevention costs so much less than recovery. We want to make your technology work for you and to be partners in your success.

Jason Newburg, 260.243.5100, ext 2101, is the founder and owner of Aptica LLC. This IT management and support company has been serving small to medium-sized businesses for 19 years in the region that includes Angola, South Bend, and Fort Wayne, IN, Battle Creek, MI, and Toledo OH.