Are you covered if your computer and server are attacked?

Cyber Security

Are you covered if your computer and server are attacked?



On Wednesday, April 18th, 1906 at 5:12am the famous San Francisco earthquake hit. Over the next three days eighty percent of the city was destroyed and over three thousand people lost their lives.

Believe it or not, it was not the shaking earth that caused a majority of the property damage and death. No, surprisingly most of the damage and death over the next few days was caused by broken gas lines and the resulting major horrific fires.

What does that have to do with cyber-security or cyber liability? What are the secondary consequential costs to a cyber-security breach? What are the cyber issues that are equivalent to those broken gas lines?

Let us look at some recently published statistics:

  • Sixty percent of all the cyber attacks world wide are directed at small to mid-size businesses according to the U.S. National Cyber Security Alliance.
  • One out of five small to mid-size businesses will fall to cyber attacks despite substantial investment in computer security. (Better Business Bureau)
  • One half of all small to mid-size businesses that experience a major security breach will go out of business in six months. (U.S. National Cyber Security Alliance)
  • The average cost of a cyber-security data breach is more than $650,000. (Ponemon Institute)
  • This damage occurred while American companies spent 85 million dollars on cyber-security software in 2017 and the cost of cyber-security breaches were in the trillions. (IDC Cybersecurity Ventures)

A few years back, our office and computer systems were attacked even though we had contracted with an outside IT expert and had invested in security software. (I am an insurance guy not a computer guy!)

The attack was successful and shut down our computers, server, access to our client files, and all computer communication to our partner insurance companies. We could not email, issue ID cards, file claims or make payments for clients. The attack came over a weekend. The first day I realized we were experiencing a problem we received a single email stating that our system was attacked and taken hostage! The email instructed me to go to Walmart and purchase a $300.00 gift card and put the gift card number in a return email. When they received the number, and were able to use the card, they would release my system back to me. I had twenty-four hours to respond or they would completely burn down our computer system and destroy all programs and data!

I immediately called my IT guy and he advised me to pay the ransom and I did. When my system was released back to me my IT guy came to the office and spent a day going through our computers, server and changing our security. He said the computer pirates only ask for $300.00 to $500.00 in ransom because it is not enough money for the state police or FBI to bother with.

I have a client who recently experienced the same scenario and he decided not to pay the ransom and let the computer pirates take his system down. The reason he made this decision was because his fiscal year had recently ended. He had completely backed up his systems and all information. So, he had his IT people build a new system and his staff input the last few weeks of invoices, inventory, etc. That process took days to return to normal functioning business operations. What if this occurred a few months into the new fiscal year? What would the potential cost and inconvenience be?

Your current farm owner’s policy or business owner’s policy does not have coverage for cyberattacks. It won’t cover lost money from down time or shut down of your business. It won’t cover any stolen money or reimburse the ransom. It won’t pay any liability that you could be responsible for if the computer pirates harm a vendor or customer of yours.

I now cover my insurance business with a Cyber Insurance Policy. The policy provides the following coverages:

  • Privacy liability, including employees $1,000,000.
  • Privacy regulatory claims coverage $1,000,000.
  • Security breach recovery coverage $1,000,000.
  • Security liability $1,000,000.
  • Multimedia liability $1,000,000.
  • Cyber extorsion $1,000,000.
  • Business income & digital asset restoration $1,000,000.
  • PCI, DSS Assessment* $1,000,000. (*These are written demands received by your acquiring bank, or a credit card association for monetary fines, penalties, reimbursements or fraud recoveries)

Of course, all insurance policies will have exclusions, limits and exceptions. These are a part of every insurance policy to clearly define what is covered and will be paid for and what is not covered and won’t be paid for. The following are examples of cyber liability exclusions, but is not a complete list. (Please read your policy for a complete list.)

  • Employment practices
  • Strikes
  • Failures or malfunction of satellite systems, telephone systems, wireless communications
  • Fire, wind, hail, lightning, smoke, explosion (these are your basic coverages provided on a property policy)
  • Express or implied breach of a contract
  • The presence or contamination of, or discharge and disposal of pollutants
  • The selling of securities
  • Wrongful acts
  • Criminal conduct
  • Dishonest acts
  • Intentional acts

My policy has a $2,500.00 deductible with an annual premium of $400.00. Cyber liability insurance can be an integral part of your overall strategy to protect your computer systems. Software programs and important information and data. The premium is driven by:

  • Type of business
  • Overall financial size of business
  • Payroll and how many employees are in the business

Do not hesitate to call us for more information on Cyber Insurance Coverage at (585) 589-6236 or email us at