The concern with Data
As an insurance agent, all of your information for clients, businesses, and prospects is stored in a personal secure server, which only you and your producers can access. With everything being locked by personal codes, nobody should be able to breach this data. However, on a holiday vacation, one of your producers accidentally loses his phone in the airport. Two weeks later, you find that all of your secure data has been leaked. What can you do to mitigate damage? What are you required by law to do? What practices and safeguards could you have set in place to help in this situation? And, is this something your commercial lines clients will need to worry about as well?
Now’s the time to ask yourself important questions about cybersecurity. Do you need insurance for your business? And how can you sell this to others as an insurance agent?
Can insurance cover this?
Privacy is becoming a major issue throughout the world as more and more data is being migrated online or into cloud-based servers. In the age of Big Data, companies are beginning to collect increasing amounts of data about the people they interact with. The more data you have, the more personalized you can make the service, and the better information your company has about its operations. Clicks, histories, banking information, cards, medical history, passwords — it’s all in the cloud.
Big data has these upsides, but many people are starting to wonder just what we’re sacrificing in exchange for personalization and connection. Companies such as Facebook and Google are facing up to 9.3 billion dollars in fines for breaches in privacy agreements; new laws are being put into place throughout the world for how companies must handle data, and what they allow others to see; and, importantly for insurance agents, more companies are beginning to see the value in setting up measures for if and when a data breach happens to their company. What can you do to protect yourself if the situation described above happened to your business? What are you required to do by law, and what can insurance help with? How do you ensure you cannot become the next Equifax, allowing preventable breaches to ruin business and reputation?
New laws set stricter standards
As of September 1, 2018, the state government of Colorado has passed new Cyber Security laws that all covered entities must adhere to. A covered entity, as defined by this law, is any entity which “maintains, owns, or licenses personal identifying information” for a resident of Colorado. This personal identifying information is a wide range of things, including any emails with passwords or security questions, banking information, credit card information, social security number, student identity numbers, and more.
Some of the provisions of this law require Colorado businesses to have written policies in place for shredding and disposal of personal information, what to do when this information is breached, and the exact steps to follow to notify any affected customers. Customers must now be notified within a 30 day period, with no exceptions to this timeframe; and, if there were more than 500 customers affected, the business must notify the Colorado Attorney General’s office. If over 1,000 customers are affected, the business must also notify credit monitoring agencies for every affected client.
With this law being signed, Colorado now has the strictest laws for data breaches in the country, though many states are not far behind. Florida also enforces the 30 day period, though allows for an additional 15 days under special circumstances. For national agencies, with clients throughout the country, the company has to adhere to the privacy laws of the state where the affected individuals live, not simply where the headquarters are located (e.g. your company’s state may have a 90 day period, but you have Colorado customers, so you must adhere to the 30 day period).
Why Businesses need Cyber Security Insurance
For situations like the one described in the beginning of this article, cyber security insurance can help cover the cost of an electronic forensic team, credit monitoring services, crisis communications and PR services, and more, depending on your chosen coverage.
For anyone who services a large amount of customers, cyber security insurance is quickly becoming a must-have, similar to any form of Business Owner’s insurance. It will become a necessary part of how you conduct your business and ensure that you can serve, and protect your customers. Credit monitoring services, attorney fees and investigative teams can be a hefty cost to a small business, so just like any form of insurance, assisting in covering these costs can save your business from unrecoverable costs.
What about for insurance agents?
For insurance agents, selling cyber security insurance should become a staple of your commercial offerings. For businesses that you currently work with, having a talk about adding cyber security insurance to their policies can be an excellent cross-sell opportunity. Additionally, this is a good opportunity to reach out to small businesses that might not realize how they are affected by these new laws, and become an educational resource that they can rely upon.
Companies such as The Hartford offer information about navigating what coverages a company may need, classes for agents to learn about coverages and options available to them, and competitive rates for agents to write a policy for a businesses in need.
Allied Market Research estimates the Cyber Security Insurance market to grow to 14.5 billion by 2022, making it one of the largest emerging markets for agents to chase. If you are looking to grow your business in 2019, starting the year by adding this to your list of offerings can be a sure-fire way to increase revenue.
ASNOA is the go-to independent insurance agency network for truly individualized support and genuine results. Whether you are a captive agent looking to transition into owning your own business, or a current independent agent looking to grow your book of business, ASNOA can help. With ASNOA, you don’t have to spend time worrying about daily operations. Instead, you can happily focus on doing what you love: selling insurance.