Insurance is one of those business costs we all hate paying every month, until the day we actually need it. I’m not an insurance expert so I don’t know exactly how many policies a typical dealership has. I imagine it’s quite a few when you add up the various property, casualty and liability coverages.
But I do know there is one very important insurance that a lot of dealerships don’t have and don’t realize they desperately need: cyber liability insurance.
Cyber liability insurance covers costs related to a breach of data at your dealership. The likelihood of this occurring is high. In the last 12 months 71% of Small to Mid-Size Businesses (SMBs) reported a security breach, according to a July 2016 report titled IT Security at Small to Mid-Size Businesses (SMBs): 2016 Benchmark Survey. Companies with fewer than 500 employees proved the most vulnerable with a 75% breach rate.
Property insurance may cover physical damage to your hardware, software and networking equipment, and casualty insurance may cover losses of the same due to theft. But neither will cover costs related to loss or theft of your data.
If a hacker gains access to your customer records, the costs to your dealership can be astronomical.
In one dealership I know of, a cybercriminal hacked into their credit bureau and pulled over 200 credit reports, costing the dealership over $150,000.
If your dealership database contains 100,000 customer records and someone gains access to all of those records, the cost could be in the millions. This is based on an average $10 to $30 per customer record breached.
Why so much?
When criminals gain access to your company database, they gain access to sensitive data like social security numbers, credit card numbers and addresses. They then try to use this information to open and access accounts, drain money and destroy individuals’ credit.
Your dealership is liable for these types of attacks and the resulting costs, which may include:
Investigations. When a data breach occurs, it’s recommended that you notify local law enforcement. This may lead to the FBI getting involved. In some cases the FBI will notify you that a data breach has occurred. If this happens there’s a good chance that a computer forensic investigation will be ordered, the costs of which your company must bear. Computer forensic experts charge up to $1,000 per hour and an investigation takes many, many hours.
Business Interruptions. In some cases your business may be ordered to close the doors while the source and impact of the data breach is assessed.
Notifications and Credit Monitoring. In many states, your business is required to notify customers if their Sensitive Personally Identifiable Identification (SPII) have been accessed or acquired. In addition, you may be required to offer free credit monitoring services to every person impacted.
Crisis Management and Public Relations. When a data breach occurs, quick action is important to help restore the public’s confidence. Professional services may be needed to help your business recover from the negative publicity.
Lawsuits. It’s likely your dealership will become a target for customer and class-action lawsuits related to the data breach. Also be prepared for possible FTC action for non-compliance with the Gramm-Leach-Bliley (GLB) Act and software copyright laws.
To protect your dealership from the harsh consequences of a data security breach, consider adding cyber liability insurance to your list of policies. You may not think you need it, but if you ever do, you’ll be very grateful to have it.
Author: Erik Nachbahr
Erik Nachbahr founded Helion in 1997 with the goal of bringing strong information technology strategies and leadership to auto dealerships. That vision has guided Helion with a focus on outstanding service and innovative, client centric solutions. Nachbahr believes that a strong information technology strategy centers on improving the efficiency of the business it serves while controlling costs. Nachbahr holds a B.A. from Loyola University Maryland, an A.A. from Baltimore International Culinary College and industry certifications from Microsoft and Cisco. In his current role as president and CEO of Helion, he works as chief information officer for a client base with billions of dollars in annual revenue.