Small and Medium-Sized Enterprises and Cyber Liability Insurance

The digital age, with its technological advances and access to cyberspace through the Internet, promotes the development of small and medium-sized enterprises (SMEs). But it also brings new risks—such as cyber threats and attacks—that jeopardize the security of the information clients entrust to the owners of small and medium businesses. As part of their operations, SMEs can obtain the following from their clients: personal, health, financial and corporate information. Once business owners receive this information, they have a duty to protect it. In addition, they have a legal responsibility to their customers, for they could bring legal action against the business if negatively affected by security and/or privacy breach. Customer information can be compromised both accidentally and intentionally. But regardless of the circumstances, the business owner’s legal responsibility is the same. Here are some examples of possible scenarios where your customers’ information could be compromised. Accidentally compromised information An employee:

• Either through carelessness or negligence, sends one customer’s information to another.
• Loses their laptop or cellphone, and these devices include customer information.
• Clicks on a phishing email, which enables third-party access to the business’ database.

Intentionally compromised information

• A dishonest employee or a third party (outside the business) illegally captures customer information to extort money from the business, to sell the data to competitors, or for other criminal purposes.

Cyber Liability Insurance for SMEs  As a result of cyberattacks, SMEs can suffer serious reputational damage as well as loss of clients and income. They can also incur in expenses for legal aspects, to recover digital files and for handling the crisis caused by the security and privacy breach. Does a Cyber Liability policy cover these losses? The Cyber Liability policy offers coverage for claims involving the business’ own damages as well as those caused to third parties after a security and privacy breach. Coverage for damages suffered by the business itself includes, among others, payment for:

• forensic investigation
• legal advisor for infringements
• extortion management during the crisis
• customer notification
• public relations experts to handle the situation and mitigate damage to business reputation
• customer credit monitoring service
• monitoring customer identity theft
• business interruption coverage

In terms of third-party liability claims, this policy covers:

• litigation expenses
• regulatory procedures
• investigation related to the breach of security and privacy
• any fine or administrative penalty

These coverages may vary from insurance company to the next and will be subject to each policy’s terms and conditions. Call Popular Risk Services at 787-731-6900 for more information on how you can protect your business. Popular Risk Services is a subsidiary of Popular, Inc. and an affiliate of Banco Popular and is an Insurance Producer duly authorized by the Office of the Insurance Commissioner to manage life, disability, miscellaneous, title, health and variable insurance business in Puerto Rico. Insurance products are not insured by the FDIC or other government agencies; they are not deposits or obligations of, nor are they guaranteed by, Banco Popular de Puerto Rico or its subsidiaries and/or affiliates. Some insurance products may lose their value.