The Basics

The possibility of becoming a victim of cybertheft is growing in today’s digital world. If your medical, financial or personally identifiable information (PII) is stolen and used fraudulently, it can take years to correct and cause financial and emotional strain. There are many things you can do for protection including buying insurance.

What is cybercrime?
Cybercrime is a criminal act involving a computer and a network. Cyberrisk includes any risk associated with online activity, such as storing personal information online or completing online transactions. This includes damage to your or your business's reputation, financial loss or disruption to your life or your business operations.

What is the danger of cybercrime?
Cybertheft can be as simple as someone stealing your credit card and using it for online transactions or more seriously, someone stealing your identity.  

What is PII?
PII is any information that could identify a specific individual. Commonly, it would include current and former name, address, social security number, driver’s license or other identification number and date of birth. These pieces of information linked with any medical or financial information can provide valuable information to cyber thieves.

How do I know my identity is at risk?
You are at risk if you store personal information on a home or work computer, bank or shop online. Your data may have been compromised if you notice any of the following scenarios:

  • You see unexpected withdrawals from your bank account.
  • You don't receive your bills or other mail.
  • You're billed for health services you didn't use or your health plan rejects a legitimate medical claim.

Regularly check your credit report to ensure you don't see:

  • A new account you did not open.
  • Unfamiliar accounts listed.
  • Negative items.

How can I protect myself?
There are basic steps you can take to secure your information and data:

  • Be alert to impersonators by being careful about who you trust online.
  • Safely dispose of personal information by shredding documents using a cross-cut shredder.
  • Use strict privacy settings on your computer, devices and browsers.
  • Keep passwords private and complex.
  • Be careful when sharing personal information on social media.
  • Be cautious of what you download from the Internet.
  • If your social security number is requested by a vendor, ask why it's needed, and how it will be used and protected.

Keeping your information safe also means ensuring your devices, including smartphones, laptops, desktops, iPads and other devices, are secure:

  • Update your software regularly.
  • Use antivirus or anti-malware software to protect against malicious software that disrupts computer operations, gathers sensitive information, gains access to private computers or displays unwanted advertising.
  • Password protect your laptop to prevent unknown users from accessing it.
  • Avoid opening emails or attachments from unknown senders.
  • Back up your files to an encrypted flash drive or external hard drive.

The Federal Deposit Insurance Corporation (FDIC) offers a Cybersecurity Checklist to help you protect your computer and money from online criminals.

Cybersecurity insurance policies can also be purchased. These policies are available for individuals and for businesses to offset the costs resulting from identity theft.

Individual Protections and Identity Theft

What is identity theft?
Identity theft is the unauthorized use or attempted use of an existing account, use of your information to open a new account and misuse of your information to commit fraud. Identity theft insurance helps you pay the costs of restoring your identity if it is stolen.

What is covered in an identity theft policy?
Identity theft insurance policies come in all shapes and sizes. They can be endorsed on your homeowners or renters policy. Identity theft insurance policies normally reimburse you the cost of restoring your identity and repairing credit reports. They cover expenses such as phone bills, lost wages, mailing costs and sometimes attorney fees. These policies are typically fairly low cost.

What if a company that has my personal information loses it?
State law requires businesses to notify the owner of the information if there is a security breach. This notice can either be written or electronic.

Business Protections

I have a business that keeps personally identifiable information (PII), what should I do?
There are steps you can take to help secure your business:

  • Start by conducting a security and self-risk assessment - determine what to protect, what protection exists and where the gaps exist. This also means developing a plan to protect your property and data, operational information and client data. Finally, identify the tools you need to protect this information.
  • Implement sound cybersecurity procedures and training for employees - educate employees on smart use of social media, how to spot suspicious emails and not connecting to public Wi-Fi on a company device.
  • If your small business has a disaster recovery plan, consider cybersecurity insurance as part of it. If you don't have such a plan, consider creating one. Developing procedures and identifying threats is important but you also must understand your vulnerabilities. You might consider testing such as an internal phishing campaign against employees to check your company's vulnerability.
  • Always back up important business systems and data - implement settings encouraging regular password changes, restrictions on the websites employees can access, as well as strong security software.

My business had a computer breach and lost PII, now what?
If your business had a security breach, you must immediately notify each person of the breach. There are other potential concerns related to admitting a breach including financial and legal issues. You may need to talk to an attorney. If you have already purchased a cyber liability policy, contact your agent or company to discuss filing a claim.

What is covered under a cyber liability policy?
Cyber liability policies are relatively new and can cover a wide range of expenses. Commonly though, a cyber liability policy will cover the costs of an information technology (IT) review, a legal review, the notification to affected individuals, cost to service affected individuals, public relations services and legal defense.    

What is an IT review?
An insurance company may pay for professionals who can analyze your computers and networks to discover how the breach occurred, the extent of the breach and the number of affected individuals. 

What is a legal review?
An insurance company may pay for the hiring of an attorney(s) to help you determine the best response to a data breach.

What services might be offered to individuals?
An insurance company may pay for the service costs for the affected individuals including sending them helpful information or providing a telephone number to call for help. An insurance company may offer to pay for identity theft protection for a certain period of time to affected individuals in the case of a loss.

What are public relations services?
The policy may pay for a public relations firm to review how best to publicly respond to a data breach.

What are legal defense costs?
Legal defense costs pay for the cost of an attorney to defend you in case you are sued. Legal defense costs may also pay for damages to victims. Unlike the other coverage, legal defense costs are a third-party coverage under cyber theft. The coverage mentioned above (IT review, legal review, etc.) all help the business owner when PII is stolen, but legal defense cost coverage ultimately may pay costs to an affected person.

Not all cyber liability policies include all of the above coverage and some may offer more coverage. Be sure to check with your agent and read your policy carefully.