by Amanda Kugler
When exploring insurance options there are many options to consider. As a highly regulated industry, cannabis business owners fare better on rates, solutions, and approaches when they go with someone who has connections in the industry to advise their path forward. The same is true of cybersecurity. Here are a few things to consider regarding cybersecurity and your search for the right insurance provider for your cannabis operation.
What is the responsibility of cybersecurity insurance?
Cybersecurity insurances’ primary responsibility is to cover the financial loss of a business due to a cyber-attack or data breach. And within that it’s twofold. The cyber insurance policy can cover one or two ways; it can cover first party coverage, which is the actual client of the insurance agent. That’s going to cover any losses that they sustain due to a cyber-attack or a data breach. You must recoup your damages that you had due to the cyber breach. And that’s where a well-written policy can come into play. The second part of the cyber insurance policy is going to be third party. Think about a dispensary, they have a data breach and the medical facility, all of their patients, personal information was stolen. If there’s lawsuits filed because of that, this policy is going to pay for the third-party coverage. It’s important that the insureds understand which type of coverage they are getting.
What type of threats are cannabis companies facing?
Insurance agents are seeing a lot of email address fraud occurring where it looks like somebody within an organization, or even an outside customer, is asking for money to be sent to a different person or money dropped off to a certain place. And the email address looks identical to that of someone who would normally be sending that email. Then you have another employee. They think that they need to take $5,000 to this person because they’re buying a location and they’re dropping off the down payment, and come to find out that that was not the case. And they’re out that money. Insurance agents hear about this happening a lot and not only in the cannabis space, but it does appear that the cannabis space is under attack right now. Agents have seen an uptick in cyber exposure in the post-COVID world. Not only that, but now you have people working remotely, which causes even larger cyber issues. And if you talk to any type of Chief Information Officer or IT manager, they will agree that having people work in remote locations, not on the same network, has caused an increase in cyber activity.
What should a cannabis company be cognizant of?
So first and foremost, as an insured, you should ask, “do I have a cyber policy?” The difference between a standard business and a cannabis business is that in a standard business, you could possibly have cyber coverage within your general liability and property policy. Cannabis, unfortunately, does not have that luxury. So a cannabis business owner would have to go buy a standalone cyber policy in order to get cyber coverage.
While there are a lot of aspects of insurance that need to be considered in the cannabis industry, having a knowledgeable agent and a reputable company that will write your policy is vital to your success long term.
For more information on cannabis specific insurance policies, contact Amanda Kugler at The Roots Insurance. To learn more about who to partner with for all your cannabis business technology needs, contact Backcross Solutions.