Unless you’ve totally unplugged from all news media and the internet over the past week, you’ve heard of the Heartbleed bug. The Heartbleed bug (it’s not a virus) is a vulnerability in the OpenSSL library, the software that makes your website and other sites secure when a person is reviewing banking records, making a purchase from your company, or updating their information or method of payment in their on-line account. Based on the newness of its discovery, it will be weeks or months before there is some type of “official” understanding of the scope of Hearbleed’s reach throughout the internet.
Companies of all sizes are scrambling to determine if they are vulnerable to Heartbleed which could put their secure data, as well as their clients’ at risk. If you’d like to test your website for vulnerability to the Hearbleed bug, go to http://filippo.io/Heartbleed/ where you can run a free test in seconds.
The Heartbleed bug along with the data breaches at Target, Neiman-Marcus, and most recently, Michael’s Stores demonstrate how vulnerable businesses of all sizes are to a data breach. These examples serve as reminders why small and medium sized businesses need to have cyber liability insurance in addition to their general liability coverage.
Cyber liability insurance can include a variety of coverage such as:
- Data breach / privacy crisis management
- Multimedia / media liability
- Extortion liability
- Network server liability
Cyber liability policies provide small and medium sized businesses with protection for claims from people seeking monetary damages resulting from a data breach including:
- The cost to defend suits brought by affected parties
- Failure to maintain reasonable security procedures
- Response expense arising from notifying affected individuals of the breach, providing them with a suite of services to deal with the breach, as well as legal and forensic technology reviews
- Identity recovery
Some insurance companies may provide limited cyber liability coverage within your general liability policy. This is a great time to find out if it’s included or may be added as an optional coverage. If not, there are a number of cyber liability specific policies available through independent insurance agents that are affordably priced.
Not all small and medium sized businesses need cyber liability insurance. However, if you have sensitive client data such as names, dates of birth, and social security numbers you need this coverage. If you are processing electronic payments by credit card, automatic draft, or electronic checks, then you especially need cyber liability insurance regardless of your size.
I received a notice earlier this week from one of the software plugins I use on my website to update to a newly released version. The new version of this plugin patches a potential security hole in their software that could impact my website. Even though I don’t hold any client information on my web site (it’s held in the web sites of rating systems and the insurance companies themselves), or know if this was related to the Heartbleed bug, I’ve updated the system.
As a business owner who relies upon internet based systems, I understand the need for secure systems and protecting client and employee data. There’s a level of trust no small business owner wants to lose, nor be faced with the cost of having to deal with a data breach.
What do you think? Share your thoughts, if you have cyber liability insurance, or questions with me in the comments section of our blog or on our Google + and Facebook pages. I’d love to hear from you!