Why would an artisan contractor need data breach coverage?
Data breach (or cyber liability) coverage has been one of the hottest topics in the insurance industry over the past few years. Insurance companies and agents alike unanimously agree that this line of insurance coverage is becoming critical for small businesses to protect themselves, but the odd disconnect is that many businesses don’t see the value.
First, let’s start by explaining what data breach coverage is designed to protect. This policy is designed to cover data breach recovery costs such as notifying any person/business potentially affected, good-faith advertising, and repairing security of the system. The coverage is important because a business is held responsible for protecting the personal information it collects from someone else. Most states have already passed (or are passing) regulations for steps a business must take for their clients when a data breach occurs. These regulations typically require formal notification that a breach has occurred to all potentially impacted clients, and typically the business must offer credit monitoring services for those clients for 1 year. Those steps alone can amount to a huge expense.
Most artisan contractors feel like this risk doesn’t relate to them at all, and others don’t realize that they aren’t properly covered. A recent study found that 39 percent of business owners think that data breach coverage is a part of their general liability policy. This thinking is wrong. Occasionally, a business owners package (or BOP) policy will include some minimal data breach coverage, but the limits are so low that the coverage would likely only cover a portion of any claim that existed. Many artisan contractors buy GL-only policies instead of a BOP anyway, because they feel like the extra coverage’s aren’t important for their business … and cyber liability is one line of insurance that is still considered a “luxury” expense.
In fact, one of my clients who is an artisan contractor and does HVAC work expressed himself pretty clearly: “Don’t try to sell me something that has no impact on my business. I don’t keep much information on my clients, and I’m so small that nobody would want to take the time to hack my company.”
That’s when I brought up the Target data breach, which he knew about because he was one of the victims and had to get new credit cards issued because of the hack. What this artisan contractor didn’t realize was that the hackers used a third-party vendor, HVAC company Fazio Mechanical Services, to gain access to the Target system.
The Home Depot data breach also began via a hack of a third-party vendor. In fact, using a third-party vendor is becoming the most common method for as an access point for a larger hack. As an artisan contractor, this is becoming the new risk and larger companies are starting to take notice.
Many larger organizations are now requiring a sub contractor to carry a separate cyber liability policy, along with the more typical insurance requirements (workers compensation, general liability, umbrella, etc.).
Over the next few years, I think getting a data breach policy is not only a necessary way to protect your business, but it is also a great way to separate yourself from the competition.