Cover Your Bases Across Regulatory Compliance, Insurance and Privacy Training
If you’ve watched the news in the last few months, you already know cyber events are no joke. Recent ransomware attacks, including at Colonial Pipeline, have significantly impacted critical infrastructure and supply chains, resulting in millions of dollars in losses.
For businesses large and small, compliance with federal, state and foreign privacy laws and regulations has become an essential obligation. These laws govern a company’s collection, storage, use, sharing and disposal of personally identifiable information (PII), protected health information (PHI) and payment card information (PCI). A company’s inadvertent failure to abide by these laws, or its failure to timely and fully disclose how it performs such tasks, can make it a target for regulatory proceedings and civil class actions. These lapses can also be a source of reputational damage.
Failure to protect private information can also lead to consumer class actions, and organizations may face shareholder suits if a cybersecurity event reduces the organization’s value.
Here are a few things you can do to ensure adequate risk mitigation and protection for businesses of all sizes.
1 – Don’t ignore data security and privacy compliance.
2 – Create and memorialize regulatory compliance policies and procedures.
3 – Make sure your website is up to date with the most applicable laws.
4 – Conduct an audit to get a health check of your cybersecurity status.
5 – Purchase a broad cyber liability insurance policy, which can protect you from enduring substantial loss should you have a cyber breach.
In today’s world, risk transfer alone isn’t enough to protect a business from the consequences of a cyberattack. The right combination of a well-placed cyber liability insurance policy, compliance knowledge and review, employee training, and loss mitigation services is an effective approach to reducing a company’s cyber risks and potential exposures.