Jan 11
Small and Medium-Sized Enterprises and Cyber Liability Insurance
January 11, 2020
The digital age, with its technological advances and access to cyberspace through the Internet, promotes the development of small and medium-sized enterprises (SMEs). But it also brings new risks—such as cyber threats and attacks—that jeopardize the security of the information clients entrust to the owners of small and medium businesses.
As part of their operations, SMEs can obtain the following from their clients: personal, health, financial and corporate information. Once business owners receive this information, they have a duty to protect it. In addition, they have a legal responsibility to their customers, for they could bring legal action against the business if negatively affected by security and/or privacy breach.
Customer information can be compromised both accidentally and intentionally. But regardless of the circumstances, the business owner’s legal responsibility is the same. Here are some examples of possible scenarios where your customers’ information could be compromised.
Accidentally compromised information
An employee:
- Either through carelessness or negligence, sends one customer’s information to another.
- Loses their laptop or cellphone, and these devices include customer information.
- Clicks on a phishing email, which enables third-party access to the business’ database.
- A dishonest employee or a third party (outside the business) illegally captures customer information to extort money from the business, to sell the data to competitors, or for other criminal purposes.
- forensic investigation
- legal advisor for infringements
- extortion management during the crisis
- customer notification
- public relations experts to handle the situation and mitigate damage to business reputation
- customer credit monitoring service
- monitoring customer identity theft
- business interruption coverage
- litigation expenses
- regulatory procedures
- investigation related to the breach of security and privacy
- any fine or administrative penalty