Dealerships and Cyber Security Awareness
Reviewing your Cyber Coverage
October is National Cyber Security Awareness month, making it a good time to review your internal controls and your coverage. You DO have Cyber coverage…Right?
It amazes me as we travel the country speaking with Dealers how many have not yet purchased Cyber coverage. Dealers have a tendency to want their insurance premiums to ‘’stay the same’’ or ‘’go down’’ from the previous year…so, adding new products such as Cyber are often a ‘’hard sell.’’ Many Dealers rely on the ‘’watered down’’ Cyber Endorsements provided by their Garage carrier, feeling that their coverage is adequate to protect them.
That is, of course, until the breach occurs.
Never happen, you say? Really!!??
Truth is, we have ALL been ‘’touched’’ by Cyber incidents over the past decade. Most of us have received the ‘’letters’’…beginning with Home Depot and Target and moving into more sophisticated companies that have a whole lot more of our PII (Personal Identifiable Information) than department stores or home improvement centers. Many of us, as well, have experienced nightmares involving the loss of Banking or Credit Card information through ‘’hacking’’ or other ‘’schemes.’’
Dealerships are high risk targets.
To put this into perspective, think about the firms we entrust with our personal information…our Bank…our Physician…our Accountant…our Auto Dealer? Of these, who is the ‘’least’’ secure. Bingo!
Dealers are ‘’ripe’’ for the picking by Cyber Thieves, and the level of “new” PII increases with every prospect that walks on the lot. Why would a hacker NOT target a Dealership? In most Dealerships, the PII is everywhere.
So, to say “It won’t happen to us”…is a bit naïve.
Protecting your Dealership with Cyber Insurance is essential. But, all Cyber coverage providers are not the same. Just like selecting a physician, you need a specialist that understands Dealerships and the unique exposures.
The real ‘’key’’ to any Cyber Insurance policy is in the Crisis Management. Here we find the firms engaged by carriers to handle the ‘’fall-out’’ from the event. They work with the Insured to ascertain the extent of the breach, draft and send the notifications, and handle the on-going Public Relations campaign.
Cyber events are like icebergs and the Titanic. You can see the initial damage…but, potential for sinking the ship with what you cannot initially see is huge. A lifetime of reputation building in the community can be destroyed with one small theft of Customer PII or a systems breach. It can be a disgruntled employee, an outside hacker, or a systems breach of your DMS system. All extremely disruptive and potentially very expensive.
Be prepared with a ‘’reality check’’ on your internal controls, and engage a quality Insurer to provide Cyber coverage that’s strong enough to withstand a breach.
by Steven P. Gibson
President, Dealer Risk Services