8 Reasons Why Your Cannabis Business Needs Cyber Insurance
So, you most likely are wondering now “Why does my cannabis business even need cyber liability policy?”
Great question! In short, small and medium-sized businesses are vulnerable targets and statistics show they have become the global favorite for cyber criminals. The odds of a cyber breach against a business are continuing to rise due to the advancement and usage of technology. Whether a business is storing basic information such as name and contact information, or private personal data such as medical history, or payment information, or even your very own trade secrets – the threat is huge! The costs and complexities of a cyber incident have skyrocketed and continue to climb in a post-pandemic world. Let’s begin with 8 reasons why your cannabis business needs cyber insurance.
- Seed to Sale tracking means you are collecting and maintaining a lot of data. It also means that you can be the entry point into the pipeline. If your operations experience a cyber incident that compromises the data of other industry operations, you will experience third party expenses such as legal liability costs, defense expenses and any regulatory fines or penalties.
- Many businesses cannot afford to hire a Chief Information Officer (CIO) or Chief Technology Officer (CTO), especially for new ventures. This means as the industry and your business continue to rapidly grow, cyber security procedures may go by the wayside – increasing risk for a cyber incident. A cyber and data liability i
- The cost of a cyber event can be significant, even for very small businesses. In fact, small to medium size businesses averaged $178,000 per Breach, $112,000 in Crisis Services, and $181,000 in Legal costs. (See more cyber claims statistics from NetDiligence here.)
- Employees remain the biggest cybersecurity threat due to access to systems, inconsistent security practices, and social engineering attacks on their trusting human nature. “Changes in user behavior are increasingly blurring the lines between personal and business.”
- Continuity of business in the event you suffer a cyber attack. Imagine your operations being shut down for a few weeks or even just a few days…how much would that impact your ability to earn revenue? A cyber liability policy can help protect against loss of revenues and extra expenses to maintain operations after a cyber event. This can also protect your contingent business income in the event a business you’re dependent on suffers a cyber event.
- Cannabis insurance is very segmented which means that in most cases specific exposures (like cyber and data breach) require a specific stand-alone policy to cover. Traditional insurance policies were not designed for these types of risk. Losses not covered by your traditional Liability or Property policies include cyber incident response costs, business income, ransomware expenses or a loss to your business’ assets.
- Help when you need it and meaningful assistance to prevent a loss before it happens. Your insurance provider should be providing you will expert training materials making it simple, effective and efficient to educate your team on cyber security measures. In the event a cyber event does occur, they also provide 24/7 access to a cyber response team in the event of a breach.
- Multimedia Liability covers legal liability costs (including defense expenses) resulting from materials published or broadcast by the insured due to claims such as copyright/trademark infringement or disparagement.
What types of cyber and data losses does my cannabis business face?
Research and Development, Trade Secrets and Proprietary Information
- Do you use laptops and cell phones within the scope of your business? Of course you do! Picture this: A key employee leaves for the day with their work laptop. Later that night, that employee’s vehicle is broken into and their laptop stolen. How do you have information stored and protected? Can this criminal gain access to your data and learn about your unique processes or ingredients?
- This about the intellectual property of your organization has developed and maintained. This is anything from specific crop trade secrets, cannabis product recipes and formulas, or other R&D plans. This is what gives your business a competitive advantage in the budding industry which is why it is important to safeguard it with both proper cyber security measures and a cyber liability policy.
Social Engineering and Wire Transfer Fraud
- Imagine that you or one of your employees receives a message from a packaging vendor you work closely with that you need to update your payment methods. The email (or phone call) appears legitimate and instead of verifying this request – payments are submitted to the new account. You eventually learn this vendor didn’t actually request a change in payment method when your packaging was not received. Unfortunately, you have fallen victim of a bad actor preying on human nature to initiate a wire transfer via a social engineering scheme. You can read the announcement of social engineering attacks against MRA licensees here.
- Social engineering is the art of manipulating people and encouraging them (in good faith) to divulge sensitive or personal information. Take this one step further with the “authorized” wire transfer of funds. Learn more about social engineering in our previous blog.
Cyber Extortion and Ransom
- Picture a multi-location cannabis operations suffers a cyber breach to their network. This breach leads to the network locking up and the backup systems across all locations to fail. Your organization is unable to continue with day-to-day business activities until a ransom of $50,000 is paid and the lock is released. How will you pay for this?
- Ransomware and extortion are a common cyber incident where some kind of payment is demanded in exchange for the release of data or your systems.
Multimedia Liability
- As you’re opening the mail, you receive a “cease and desist” demand letter alleging copyright infringement after using an image found on a Google search. After using this image on your website and other promotional materials, the copyright holder and owner of the image requests that the image be removed. Additionally, they have demanded compensatory damages for the use of the image.
- This component of a cyber liability policy provides coverage for third party claims resulting from dissemination of online or offline media material. These include claims alleging libel, slander, plagiarism, copyright/trademark infringement or personal injury.
Privacy Laws, Regulatory Defense and Fines/Penalties
- Think about any of the cyber incident examples above where you may suffer “first party” financial damages. Upon review of the cyber breach, one regulatory body alleges that your business did not notify those who had their sensitive data leaked. Your business is not forced to pay a large amount out of pocket for notification to each individual as well as regulatory compliance checks and financial penalties.
- What happens when you experience a breach and data of other businesses and individuals is potentially stolen? With the right cyber liability insurance in place, you can have support to not only handle a breach but begin paying for the notification expenses and hopefully avoid future fines.
- Furthermore, your business is handling so much data and information that often times includes access to medical history for cannabis patients. So is your cannabis business subject to HIPAA compliance? This remains a bit of a gray area due to the federal legality of the product however, this is another reason to protect your information and business with cyber liability.
Business Interruption and Dependent Business Income
- What happens when your systems are attacked or disrupted due to a cyber incident? The rest of your business duties carry on but are you able to continue following an attack? What happens if you’re unable to control automated processes or take payments during this time?
- Often times, business continuation is overlooked when considering cyber risk. This is excluded from your commercial property policy however the right cyber policy can help with the continuation and reimburse you for the lost sales during this time.
- It can also help if one of your dependent vendors suffers a cyber attack that impacts your business directly.
What factors into the cost of cyber and data liability insurance for a cannabis business?
- Type of business and industry
- Gross revenue and amount of payment card transactions
- Number of records containing Personally Identifiable Information (PII) you store and compliance with standards like Payment Card Industry (PCI) Data Security Standards (DSS)
- Your prior cyber liability loss history or any prior security incidents or circumstances that may arise in a loss
Cannabis Cyber Risk Takeaway - Don't Become a Statistic!
Simply put, cannabis businesses are required to collect and maintain a lot of information due to “seed to sale” tracking. This also means that your network (as well as access to other cannabis businesses) are at risk because others may have weak cyber security protocols in place. A study from the IBM/Ponemon Institute found that data breaches can cost businesses over $240 per stolen record!
Cyber Liability Insurance for the cannabis industry does not have as many options to choose from and due to the increased risk, minimum premiums begin around $5,000 annually. So while that annual cost may have you second guessing the importance of cyber liability, what is potential out of pocket expense for you and your business if you were to suffer a cyber incident? Just as you purchase insurance for property and liability, this should be part of your fiduciary duty to your organization to ensure all options have been considered. All in all, implementing the right insurance solutions and cyber security processes can help offload your online exposure.
Are you feeling confused, don’t know where to begin or would like to see how you can protect your business from a future cyber incident? Contact us today to get started! Our Cannabis insurance solution is designed specifically for dispensaries, cultivators, extractors, manufacturers, wholesalers, transportation, testing facilities and lessors risk buildings.
More Cannabis Industry News
Want to stay up to date on the latest cannabis insurance news? You can find more on important topics in the cannabis industry on our blog.
Or get more information about insurance solutions for the cannabis, CBD, and hemp industries from Spire Insurance Solutions here.
About Spire Insurance Solutions:
Spire Insurance Solutions provides risk management solutions to both the Recreational & Medical Industry. Through a consistent approach, Spire is your expert buyer of insurance and helps companies purchase important Insurance coverages in the evolving Cannabis industry. With years over 45 years in business with experience in assessing risk, our team sees that many cannabis related businesses do not have the coverage they desperately need. Our mission is provide unparalleled and caring service to our clients through our knowledgeable staff and give back to our employees, agency, industry and our communities.
When it comes to insurance, it helps to work with an agency that has both the experience and capabilities to meet your needs. We will help you manage and plan for your potential risks. As professionals, we assess your needs and offer you a variety of insurance products to choose from. Let Spire Insurance Solutions elevate your insurance solution to help your growing business.
Disclaimer: This Blog/Web Site does not provide insurance or legal advice. This site is for educational purposes only as well as to provide you with general information and a general understanding of insurance, not to provide specific legal advice or specific contract advice. Viewing this site, receipt of information contained on this site, or the transmission of information from or to this site does not constitute a client relationship.
The information on this Blog/Web Site is not intended to be a substitute for professional insurance or legal advice. Always seek the advice of a licensed agent in your state pertaining to insurance and legal issues.
Author: Tyler Bartosh
Sources: Helpnetsecurity.com; Netdiligence.com