With uncertainty surrounding the outbreak of the COVID-19 pandemic, and the need for everyone to do their part by practicing “social-distancing,” or in many states “sheltering in place” we realize that these are not normal times for Americans. Small businesses have had to scramble and enact contingency plans to keep their employees and workers safe, employed, and productive. The result; public work life has transformed into a virtual remote environment, enacted by the US Government as a matter of personal safety and business survival. This has led to a new, temporary way of employee life, working from home on laptops, desktops, and other personal devices. A semblance of trying to continue everyday job functions until we return to a sense of normalcy. Many work computers are not portable or accessible outside the office, so instead, many are doing work from their home personal computers, and with that comes a huge new potential risk; cyberattacks. Cyber criminals and hackers continue to use sophisticated tools to gain control of personal devices and business operating systems. This blog will summarize why businesses need cyber liability insurance today, what it covers, costs, and how to learn more.
Despite the horrible toll the virus has already taken on civilization and the economy, the cannabis industry, as well as CBD consumer products, have seen a surge in demand (and cash flow from increased sales). Dispensaries are especially busy since being defined as an “essential service.” Many dispensary businesses are trying to find safe ways to operate and protect their workers while meeting medical need and consumer demand for products. Yet with social-distancing and self-quarantines, cannabis dispensaries have needed to shift their focus, protect their workers, and have adapted healthy practices without sacrificing growth. This has led to the business practice of encouraging or mandating customers to place “pre-order curbside pickups” as well as other door-to-door delivery methods, most of which utilize online ordering systems to ensure minimal human contact.
However, as cannabis businesses pivot to ensure patients and recreational consumers can still access products via online orders, savvy cyber criminals have taken note and see opportunity. This became glaringly evident when Bloomberg Business recently reported that Experian, which is considered the world’s leading global information services company, singled out the cannabis industry as being ripe for cyberattacks, and listed it #4 on their list of top 5 predictions for “Top Data Breach Trends for 2020” “…which predicts cannabis in the top 5 threats that businesses and consumers should be aware of to keep their information safe.” These “fresh targets, such as the cannabis industry, will be the most enticing for attacks” and hackers are looking at the cannabis industry and online communities to target vulnerabilities that criminals can use for bad intent. Experian stated in their report that “Many cannabis retailers may not invest in cybersecurity measures as a core part of their business model, but businesses should be taking measures to protect themselves and their customers data.” In addition, “Burgeoning industries, such as cannabis retailers and cryptocurrency entities will be targeted for cyberattacks as a result of online activist or ‘hactivism’.” On the production side, cannabis and CBD manufacturers store digital records of product ingredients. These make cannabis companies vulnerable to cyberattacks. As a form of protest, hackers could try to gain access to controversial companies’ sensitive data due to their prevalence in society and increased cash flow.” https://www.experian.com/data-breach/2018-data-breach-industry-forecast. Case in point, a recent published data breach with a popular cannabis point-of-sale and management software system, used by many dispensaries, was compromised and exposed tens of thousands of customer files with patient names, dates of birth, phone numbers, emails, addresses, medical ID numbers, and other sensitive information.
The cost of a data breach can be potentially tens of thousands, or even millions of dollars depending on the severity. With cyber liability insurance, the old saying applies where “an ounce of prevention is worth a pound of cure.” Take precaution and protect your business before a crisis occurs. Cyber insurance protections can help offset these types of business risks and costs, and are certainly preferable to experiencing a potentially catastrophic and costly data breach, and the mammoth efforts to fix the problem, plus the lingering damage control afterward.
There are five categories of cyber insurance that are designed to protect businesses from risks. These insuring agreements include: network security, privacy, interruption to your business, media liability, and errors and omissions. It generally covers business liability for a data breach involving sensitive customer information, credit card numbers, account numbers, health records and more – and helps your company respond in the event of a cyberattack or data breach. If your network or computer system is hacked into or corrupted by a (virtual) virus, cyber liability insurance can be essential as it helps mitigate risk exposure by offsetting and reimbursing the costs and losses involved after a cyber-related security violation or similar event. In addition, there is an option for cyber extortion, which protects your business against losses caused by ransomware and other types of cyber extortion, mainly for ransom money.
What does cyber liability cost? The average cost of cyber liability insurance in the United States runs about $1,500 per year for $1 million of liability coverage with a $10,000 deductible for a “moderate risk” business with $1 million of revenue. One may ask, is the cost worth it? In short, yes – as the immediate costs of a data breach may be significant, and the hidden or concealed costs can be devastating.
Most companies have taken some proactive measures to ensure proper security policies are in place, and utilize basic software tools, which need to be installed and kept up to date to protect computer users from viruses, spam and malware. But in this new and commonplace age of working remotely, sometimes those front-line company computer firewalls of protection can be eluded and breached by super stealthy hackers targeting individuals working from personal laptops and mobile devices. While cannabis businesses may not even think about a cyberattack, every cannabis-related business should consider the extra protection and have appropriate coverage, which offers several mitigation measures and high limits to protect against cyber-related losses and claims.
About the Author
Peter H. Riskind
Director of Sales – Cannabis & Hemp Insurance
PAK Programs, LLC
(888) 386-5701 ext. 2223
(312) 925-8522 cell
Experienced Insurance Professional and Financial Advisor working with both corporations and individual accounts. Skilled in relationship sales, insurance strategies and solutions, investments and portfolio management, financial planning, and providing excellent customer service.
Securities licensed Series 7 & 66. Insurance licensed in all lines of coverage, including property and casualty, life, health, long term care, viatical, and annuities. MBA degree in International Business & Marketing from Loyola University Chicago Graduate School of Business. BA degree in International Relations from Syracuse University.