Welcome to the first of many articles on this issue’s critical focus: cyber insurance for the cannabis business.
While the cannabis industry remains fragmented with multiple companies performing tasks from seed to sale, everyone — regardless of revenues — is vulnerable to cyber attacks. As a growing industry, cannabis is a popular target of perpetrators from around the world, and the number of cyber breaches is steadily increasing.
IBM says the cost of a data breach could be millions of dollars, no matter what the size of the company attacked. Lost business is a large component of a breach, and according to a Verizon report, most of the attacks are on small businesses.
The risks are increasing as companies open themselves to substantial digital exposure. People are now working from home. Staff are using their own devices for data transmission. ATMs and other devices are used to collect money. Perhaps this is why last year, Capital One had to put $400 million cyber risk insurance in play after an attack got into its cloud and accessed the data of millions of customers — who never knew about it until their debit cards or bank accounts were stolen.
The need to take quick action if a cyber-attack occurs is imperative. There are several steps to follow that can minimize the extent of losses, ease recoveries, and reduce downtime:
- Assume that if your cannabis business is using any digital technologies there will eventually be a breach at some point. Even emerging cannabis businesses need to have an in-house plan for dealing with a breach. It does not have to be complicated, but carefully thought out with all parties concerned: especially your insurance broker and insurer who provides the coverage.
- There should be a written drill or plan of defense that can be quickly executed.
- An investment should be made in real-time monitoring so that once the hacker is identified the plan can be put into action. The longer the breach the more costly it will be.
- Having your insurer and broker involved is imperative as they will have resources that traditional, mostly small operations do not. This is especially crucial for free-standing dispensaries with a high transaction volume.
- Advise your supply chains about the issue and get them involved in repairing the damage and shoring up the security against another breach.
- Get in touch with the customers who have been affected, and advise them about reimbursement should their personal accounts have been compromised.
- Make sure that employees are advised of the breach and include them in taking further actions for preventing the attack again.
- Have regular discussions with staff on methods to ensure that future actions will prevent new incursions.
- Make certain that you have adequate limits by using a non-employee like your broker and attorney to be certain that your coverage is wide enough.
The next issue of Kanna Knowledge will detail the coverage needed for a proper cyber policy: watch for it September 30th.