HomeCyberAbout UsInsurance ProductsNews and EventsContact Us

Information security is a critical issue, and cybersecurity risks are here to stay. Organizations operate in environments that require data security including protecting confidential and proprietary information, documents and data. Cybersecurity is a core business risk that executive leadership and board members need to understand and manage.

Privacy and network security (cyber liability) insurance is often an essential coverage and an important part of the solution.    

Morris Risk Management recognizes the importance of sensitive data (electronic and hard copy form), intellectual property, media content, personally identifiable information (PII), protected health information (PHI), payment card industry (PCI) information and other intangible and tangible assets. Data is often an organization's most valuable asset especially when customer information is involved.

Cyber crime is the new normal. It is stealthy, silent, persistent and sophisticated, and in many cases cannot be detected. Data breach incidents - intentional or unintentional - can severely damage any organization and destroy many. Breach prevention is often not possible. 

The consequences of a compromise of data can be severe, ranging from negative press, reputational repercussions, bad reviews on social media platforms, loss of customers' trust and business, to financial harm to those whose data is stolen. Expensive litigation (the cost of defending a claim can devastate an organization's assets) and governmental investigations with regulatory proceedings, fines and penalties are possible.

"Cyber insurance is no longer debatable for small to medium-sized business owners and CFOs. The changes in underwriting, and the increases in class action suits, extortion attempts, [plus] gaps in coverage that do not cover data breaches, mean that businesses that don't get coverage now, may not get coverage later.  Most of all your company's reputation is on the line and you can't transfer responsibility" - Drexel University Cyber Insurance Symposium, June 2014 

Cybercriminals - most are professionals - are intentionally focused on preying on small and medium-sized businesses (SMBs). The scale of cyber threats is growing every day and the attacker has the advantage. SMBs are prime targets. Gaining access can help an attacker hack into a larger organization because SMBs often do business with larger organizations and have electronic access to systems and records.

No single technology, or layering of technologies, will prevent cybercrime. Organizations should have a comprehensive risk management strategy, including cyber insurance, human strategies and employee training, building an overall corporate culture of cybersecurity awareness and information security, updated processes and technology. Cybersecurity is about people more than it is about technology although investing in IT infrastructure and security are important.  

Some other areas with growing potential exposures and/or liability are: social media and online publishing, wrongful data collection, business interruption, network security, IT outsourcing arrangements, mobile security/BYOD, extortion, critical infrastructure protection and supply chain interruption.
 
If you don't know your risks then you are extremely vulnerable.