Navigant's Cyber Risk and Information Security PracticeLearn More

Blog

Three Steps to Preventing Cyber Security Losses at Your Business26 May 2015

By
Cyber Insurance, Risk Management

Matt BergmanNote: Cyber security is a large and growing source of risk for businesses. So we asked our friend Matt Bergman, an attorney with the law firm Shulman Rogers in Washington, D.C. specializing in cyber security law, to offer some of his tips on how businesses can protect themselves.  

Does your business accept credit card payments from customers? Does it purchase products or services online from vendors or suppliers? If the answer is “yes” to either of these questions, read on.

Virtually every business that has a web site or uses the Internet has already been hacked. Fortunately, most businesses have yet to experience the type of cyber security breach that could cause it to shut down operations permanently. But like the next terrorist attack on U.S. soil, it is not a matter of “if” it will happen, but “when” will it happen.

So, what can your business do to mitigate the risks and ramifications of a data breach when it does happen? Start with these three simple steps:

1. If your business accepts credit card payments from customers, make sure you meet the Payment Card Industry Data Security Standard (PCI DSS). There are 12 requirements for a business to be compliant with the PCI DSS, all of which can best be accomplished by an IT consultant working closely with an experienced information and data security attorney.

2. Have an experienced contracts attorney carefully review all of your business contracts — particularly merchant account agreements with banks and credit card processors, service agreements with third party service providers, and supply contracts with vendors and others in the supply chain of your business operations. Look especially for an attorney who practices cyber security law.

The contracts must be updated to include cyber security-related loss indemnification provisions, data loss and data breach clauses and Internet security protocols and requirements. Surprisingly, less than 50% of all business contracts contain such cyber security risk mitigation provisions and protections today. Target, Home Depot, and Dell all suffered cyber security losses due to inadequate contract protections and protocols with vendors in their respective supply chains. A few thousand dollars spent now on a contract review and audit by a qualified attorney could potentially save your business tens of thousands of dollars in cyber security losses and damages later.

3. Call your insurance agent and obtain cyber security, Internet and data loss insurance coverage for your business, all of which are necessary to insure against losses and damages resulting from data breaches and cyber security attacks. It’s important to note that most insurance policies in effect today (such as those providing general liability, property and casualty, and errors and omissions coverages) do not cover losses resulting from data breaches and cyber security attacks.

While the premiums payable for such additional insurance coverage can be costly, the premiums pale in comparison to the potential liability. However, discounts are available for businesses that have taken common-sense steps to mitigate their cyber security risk. For more information on best practices for cyber security risk reduction and insurance, register for the webinar Managing Your Cyber Security Risk on June 9.

Matt Bergman and his team of professionals within the Cybersecurity and Data Privacy Practice of the law firm of Shulman Rogers utilize their market knowledge and legal experience to provide their clients with value that consultants alone are unable to provide – conducting contract audits, evaluating technology protocols, identifying vulnerabilities, assessing risk, implementing risk management techniques, managing risk allocation, and serving as incident responders when a data breach or cyber crime has been discovered — all from a legal perspective. Matt can be reached at 301-255-0529 or at mbergman@shulmanrogers.com.  

Work With Us Learn How