Are There Cyber Risks in the Cannabis Business?

by | Oct 31, 2019 | Business Insurance, Business Risk, Cannabis, Cyber Security, Data Security

Read the title above.

The answer? Yes.

End of blog.

Well, ok, not the end. Here’s the deal. Cyber attacks are hitting all industries and the shockwave is always felt across an organization’s bottom line, and marketplace reputation. Industry research tells us that 70% of businesses are unprepared to deal with a Cyber Attack. On top of that, the average cost of cyber-attacks on businesses is $1,050,000 per year. Being unprepared in this space will have a tremendously negative impact on the bottom line of your burgeoning business.

As a cannabis industry business you have access to a large amount of intellectual property, client data, patient data, and other sensitive financial data. On top of this, many cannabis businesses are operating with automated machinery and processes. This makes you a pretty attractive target for a hacker. Your automated system could be rendered inoperable. What is the cost of your downtime? Your intellectual property could be stolen. What is the cost of your brand reputation in this space? A hacker could gain access to your sensitive data and demand ransom.  The City of Baltimore was recently hacked and their system and data encrypted and rendered useless. The hackers demanded $76,000 to release the info back to the City. They City refused to pay. The cost to regain access to their data? Well, they are up to around $18,000,000 at this point. That is a pretty hefty price to pay.

There are options for you. You can purchase a cyber liability policy as a first step. Be sure you read the fine print, though. Does it cover cannabis operations? What exclusions are in there? Will the policy defend you? Are their sublimits? Beyond this, a cyber liability policy is just the insurance placement part of protecting yourself and your organization. What else can you do, proactively, to mitigate your exposure and reduce the potential of a loss? Here are some tips that can help your organization:


  1. SET THE TONE AT THE TOP: A transparent and direct line of communication about your risk to all members of your organization is critical in setting the tone. 97% of Cyber Security professional incorporate safety training and workplace education into their plans. You need to have a clear picture of your cyber risk exposure and a cyber program to address that risk
  2. PROTECT YOUR INTELLECTUAL PROPERTY: The cannabis industry will have price changes and pressures driven by supply and demand. Your research and development in this space will allow you to maintain a competitive advantage. Be sure to implement and invest in strategic information security to protect your intellectual property.
  3. FOCUS ON INNOVATION WITH AN EYE ON RISK: Automated facilities and advanced technology will also allow you to remain competitive in this growing space. With this innovation also comes increased risk for hackers to access your systems. Keep an eye on this risk and have strategic, proactive risk mitigation strategies and process to address this exposure and protect your business.
  4. MANAGE YOUR THIRD PARTY AND VENDOR RISK: Successful cannabis businesses will most likely partner with top notch vendors, suppliers, and providers. It is imperative that you know where your cybersecurity environment ends and where your suppliers’ begins. Where are the overlaps and potential gaps? Be aware of any external risks you may encounter.
  5. BE PROACTIVE, NOT REACTIVE: Hackers are looking for high-value personal identifiable data – and odds are you have that. Have a strategic response prepared and practiced in the event you are breached. Your brand reputation is important so be sure you are prepared to respond in the event of a breach. And, of course, communicate this throughout your organization.

As within all aspects of your organization, risk can be identified and financed through insurance policies. Keep in mind, however, that that is only one aspect of a successful program. Having a strategic Risk Reduction Plan in place will help mitigate and transfer risk from your organization. Having a plan that is proactive in nature will give you some control and predictability to your insurance program – and to the operations and bottom line of your business.

[calltoaction border_width=”3″ border_color=”#007046″ button=”yes” buttonlabel=”Click to Talk to an Expert” link=”” buttoncolor=”orange” buttonsize=”medium” buttonstyle=”simple rounded” button_position=”center” target_blank=”yes” text_position=”center” text_color=”#141414″]Interested in learning more about protecting your cannabis business from unsavory cyber criminal?[/calltoaction]


Related Posts