Through SRA’s program, Victorious was able to utilize the available tax efficiencies that allowed the owners to manage their risks more effectively.
Background
Victorious Health and Wellness (Victorious) is a mid-sized company located in Northern Arizona specializing in personal care and health products. They operate two small boutiques in Arizona, however, most of their business is conducted through their online storefront. The company is owned by a husband and wife interested in offering their customers the highest quality health and wellness products with the utmost focus on customer service.
- Annual Gross Revenue: 1.8 Million
- Owner Structure: LLC with two owners
- Employees: 6
Risk Description
The company relies heavily on technology in order to operate their thriving business. A majority of sales come from their online storefront. The business also utilizes a cloud-based software from a third-party vendor to manage their supply chain, track sales, and house client data.
Incident
Victorious is a highly profitable company with most sales being generated through their online storefront.
Two years ago, Victorious began offering a monthly subscription package. Due to the popularity of this program, Victorious adopted a cloud-based management software to better track orders, client data, and supply chain logistics. This also allowed the company to manage the growth without an increase in hiring.
Because Victorious is heavily reliant on their reputation and customer service, the owners decided to purchase a cyber insurance policy as part of their traditional property and casualty insurance which covers:
1. Notifying the affected customers
2. Credit monitoring of affected customers
3. Breach investigation
4. Legal advice and reputation
5. Judgments or settlements
6. Cyber business interruption
The policy contains exclusions for business income loss due to a 3rd party vendor outage, other than a security breach, with sublimits on cost incurred. Also excluded are costs incurred to recover and organize lost data.
Victorious is concerned that an outage or interruption with their 3rd party software or website would result in a non-covered event. Even if a cyber claim was determined to be valid, the owners believe the policy sublimits would hinder their ability to fully recover from a catastrophic loss.
Resolution
SRA successfully implemented a strategy that would ultimately protect Victorious if a 3rd party software failure resulted in a loss of income. SRA also created and administers ERM company, with the same ownership structure as Victorious, to more efficiently manage risk to the company’s unfunded liabilities. Through SRA’s program, Victorious was able to utilize the available tax efficiencies that allowed the owners to manage these risks more effectively
SRA designed an ERM strategy that would help to recoup loss of income due to a 3rd party outage or interruption.
- The strategy addresses other cyber risks that were excluded from Victorious’ current cyber policy and sublimits associated with the current policy.
- The ERM strategy also addresses any losses incurred to Victorious’ brand or reputation due to adverse media reporting.
Key Takeaways
- The ERM program created a source of tax-deferred funds to mitigate the risks of a loss of income associated with the interruption of a 3rd party vendor or cyber breach.
- The strategy filled the gaps within Victorious’ current traditional cyber policy.
- The ERM strategy also managed the risk to the company’s reputation in the event of bad publicity.
Get Started