WHAT IS CYBER LIABILITY INSURANCE?

Posted on by flriskadvisor

What is Cyber Liability Insurance?

Cyber Liability has been a very trendy buzz word over the past few months. Insurance companies have traditionally been slow to recognize new exposures and Cyber Liability is no exception. There is good news to report; many carriers have entered the market offering robust coverage for Cyber Liability. But first what is Cyber Liability and who needs it?

All businesses today have a need for some type of Cyber Liability insurance. Cyber Liability insurance covers the following areas:

  • Security – failure of network security.
  • Privacy – failure to protect confidential information.
  • Media – loss arising from display of material online.
  • Intellectual Property – infringement of copyrights, patents, trademarks and other protected works.
  • Errors & Omissions – loss resulting from computer systems and professional services provided to clients.

Cyber Liability traditionally addresses the first- and third-party risks associated with e-business, the Internet, networks and informational assets. This has recently expanded to include many employment related losses born out of the use of social media and social networking sites.

Traditionally losses have been focused on typical first and third party areas below:

  • Denial of service hacking
  • User posts libelous material on a bulletin board
  • Webmaster uses another site’s content in site development
  • Theft of client’s credit card numbers
  • Privacy breach resulting in loss or release of medical, financial (credit cards) and social security information
  • Another party’s unauthorized use of on-line content
  • Introduction of a virus into a client’s system
  • Inadvertent release of client’s confidential information
  • Theft of product designs
  • Extortion
  • Web site design that does not function correctly
  • Employee makes derogatory comments about a competitor (social media)

With the advent or explosion of social media new types of exposures are being uncovered. These are in the employment area or employee cyber privacy claims. Here are some recent examples:

  • Employer makes employment decisions from social networking site.
  • Employer access employee’s private email and text messages.
  • Email or social networking harassment claims.
  • Employer terminates employee(s) over social networking posts.

By far the most common loss is by privacy or data breach. According to the “2011 Verizon Data Breach Investigations Report” there were 760 reported breached in 2010 up from only 141 in 2009. Another fact from the report indicates Cyber criminals are targeting small businesses with 11 to100 employees due to their lack of security expertise.

The main sources of these breaches are lost/stolen lap tops (35%) and system failures (33%). Most companies feel the largest exposure comes from a suit or civil action from the affected or third party. By far the largest exposures come from regulatory fines and the costs associated with breach notification and credit monitoring expenses. The costs for notification and credit monitoring vary based on industry. The current average cost is around $200 per account or record. I came across a site that has a breach cost calculator(http://www.tech-404.com/calculator.html) I encourage people to use it to demonstrate the costs associated with a data branch.  

Another area not really discussed is the laws associated with breach notification. All 50 states have some type of breach notification requirement. Some require notification in three days others five or seven. The difficulty is determining what the standard is and staying compliant in the event of a breach. The Obama Administration has discussed setting a Federal standard on breach notification time frames. This would provide clarity and save time and expense in the event of a breach. The engagement of PR firms, Law firms and IT firms is the real hidden expense associated with a breach.

What should I do?

These losses are not covered by the traditional CGL, EPL, D&O or property policy. A Cyber Liability policy is needed to adequately address the exposures. Most policies are comprised of six separate insuring agreements

1. Technology Security Liability

2. Privacy Liability

3. Private Information Breach

4. Web and Media Liability

5. Extortion

6. Data Restoration

These policies can be tailored to the individual needs of the insured. But a policy is the last line of defense. Companies need to be proactive. Companies should be prepared with encryption software, vulnerability assessments and written breach response and identity theft prevention programs. These can be easily obtained and affordable through IT firms. These are the front lines of defense and having these precautions in place does affect the insurance pricing.

Leave a comment