When it comes to cybersecurity threats, everyone is at risk - regardless of the size or industry of the business. Last week, the cannabis industry experienced a major setback when a software vulnerability revealed the personal information of at least 30,000 people from various marijuana dispensaries across the U.S. had been exposed.
This recent data breach incident serves as a stark reminder of the unique risks that businesses in the cannabis industry face. Although it remains unclear who accessed the data, this incident highlights the particular risk that businesses in the cannabis industry face: legal requirements to collect detailed personal records from clients and a fluid regulatory landscape. This cannabis data breach incident also highlights that a proactive cybersecurity plan can help shift legal risk, and likewise, the importance of well-drafted liability protections if a data breach does happen.
What is Cyber Liability Insurance?
Cyber liability policies protect businesses from a variety of cybersecurity failures, such as data breaches and ransomware attacks. This is similar to other types of liability insurance. Cyber liability policies cover expenses or losses incurred when a computer network or database has been hacked, ransomed, or otherwise compromised. Coverage typically includes:
- Notification costs – including investigating, responding to, and resolving an actual or suspected data breach, and alerting potentially affected people. You might need mailings, call centers, or even additional staff.
- Credit monitoring costs – companies trying to mitigate a security breach often provide free credit reports or monitoring, as well as identity theft insurance costs to defend claims by state or federal regulators.
- Ransom payments – sadly, hackers can (and have) taken networks and databases, hostage. Liability insurance would cover ransom payments, as well as costs for data recovery and restoration and loss from business interruption.
- Fines and penalties – with new data privacy laws emerging, the penalties for failing to protect consumer data could be substantial.
- Third-party liability – if allegations of negligence or failure to take reasonable measures to prevent a security breach arise then, a third-party business could be held responsible.
- Crisis management costs – to track and contain both the cyber threat and the fallout, you may need forensic investigators, professional crisis management, or strategic communications support.
Cyber liability insurance is an increasingly important risk management tool that organizations rely on as a part of a larger, comprehensive cybersecurity and privacy breach response plan. Take note that cyber liability insurance is different from technology errors and omissions (tech E&O) insurance, which is designed to protect companies that provide technology products and services, such as computer software manufacturers. Cyber liability insurance covers the fallout from a particular breach of customer or client data.
Cannabis Industry Data Breach and Why Cannabis Businesses Need Cyber Liability Insurance
Any business that collects personal data could face substantial liability in the event of a breach, however, the cannabis industry faces even more risk, because of the unique amount and type of sensitive information dispensaries and other businesses are required to collect.
In addition, and due to the constantly shifting industry and regulatory landscape, many cannabis businesses may find themselves in uncharted territory and are likely to have questions about cyber liability risks. It is also important to note that while general liability insurance policies may cover some cybercrime losses, they generally will not provide the comprehensive coverage needed to mitigate the damage from a data breach. Some general liability policies may even contain exclusions for cyber liability losses and claims.
One thing is for certain: data is becoming increasingly valuable. At Octillo, our incident response attorneys understand the important steps cannabis dispensaries, cannabis software providers, and other businesses should take to protect valuable data. If the worst happens, it is critical to have the right liability coverage to minimize losses and disruption. Our team can help assess liability coverage, using their expertise to help map out a nuanced cyber liability insurance plan for any cannabis business in the plant medicine industry.
*Attorney Advertising. Prior results do not guarantee future outcomes.