CEO Corner October 2021

You Chose the Wrong IT Service Provider? It’s OK. Don’t Panic!

See what our dental clients are saying about us....

Cyberattacks.  They are the new normal in our society today. No enterprise — from a Fortune 500 mega-company to the corner Sno-Cone stand — is safe anymore. Industry analysts say every 11 seconds, a business is attacked – and in ten years that rate will increase to every two seconds. 

So what can businesses do to protect themselves? Most business owners ‘get the job done’ by aligning with a full-service IT firm with proven cyber security expertise.  Some, perhaps fearing the worst is inevitable, go the extra mile and purchase cyber insurance coverage.

If you’re considering this tactic, do your homework and choose the right cyber insurance policy for your organization’s needs.  It can be a daunting task – as not all cyber insurance policies are equal, and most simply do not cover many of the real-world risk exposures facing businesses. 

To give you an example, here are the ‘Magnificent Seven’ costs many cyber policies do NOT cover:

#1 – Social Engineering

Most cyber insurance policies do not cover business email attacks, in which executives are tricked into wiring money into outside accounts, and other forms of social engineering. 

Seek a policy that covers social engineering and computer crime at full policy limits.

#2 – Account Takeover Schemes

Many cyber insurance policies will not cover losses resulting from the unauthorized access of your bank accounts.

Seek a policy that provides broad coverage for such fraud, no matter if the result of social engineering or other form of unauthorized access.

#3 – Third-Party Mistakes

Many cyber insurance policies do not extend coverage to third-party providers like e-mail, cloud services, web hosting or customer relationship management.

Seek a policy that covers all computer systems and hosted applications that are operated by a third-party vendor. Use Gmail or Office 365 for email or office productivity? No problem!

#4 – PCI Fines

When a company is hit with a credit card breach, many cyber insurance policies do not cover fines and penalties imposed by the Payment Card Industry.

Seek a policy offering coverage for the direct monetary PCI fines and assessments for fraud recovery, operational expenses including card reissuance fees and notification of cardholders, and case management fees.

#5 – New Hardware

Most cyber insurance policies typically don’t cover property damage or hardware replacement.

Seek a policy that covers the cost of new computer systems, including software upgrades, where the firmware of the machine is corrupted.

#6 – Sales Loss During Downtime

Many cyber insurance policies do not cover lost profit in the event of a business interruption event.

Seek a policy that covers lost profit as well as continuing normal operating expenses, including payroll. One that covers both security failures and system failures AND if the interruption happens during a period of abnormally high sales volume.

#7 – Reputation Damage

One of the most significant risks facing companies in the event of a data breach or cyber attack is reputational damage. However, most cyber insurance policies don’t offer such coverage as a result of the difficulty of quantifying the loss.

Seek a policy that covers the costs of public relations, media purchasing, and other related costs to mitigate harm to your reputation.

Businesses cannot look at cyber insurance the same way they look at insurance for floods or fire. Cyber threats are new, and constantly evolving. What-if analysis and financial modeling do not apply. 

When purchasing cyber insurance, be sure to carefully review all coverages and policy language – and even consider consulting with your legal counsel and/or an experienced insurance broker.


Todd Gooden

CEO & Founder

The Solutions Team