Cyber Liability Poses Risks Not Covered By Ordinary Insurance

White mask holding out red flower thinking about cyber liability

It’s all but impossible to do business today without computers and the Internet.  Even if a computer is used for nothing more than accounting and keeping track of orders, a data loss or equipment failure could mean economic hardship for any company.

Throw in the use of email, a website or social media and a company’s risk exposure could be greater than that posed by the more physical threats of fire or other disasters—especially where privacy laws and the potential for lawsuits are involved.

As unprepared as some companies could be for this, the real shock may come when they find out their commercial business liability insurance doesn’t cover them in cyberspace.

“It would cover the loss of a computer if someone stole a computer or a laptop but it doesn’t cover the information on it. With a data breach everything that’s digital is not covered,” says Christine Marciano, president of Cyber Data Risk Managers, LLC.

She says Sony learned this the hard way in 2011 when someone hacked into 77 million PlayStation accounts and stole customer information—as the company discovered its commercial liability insurance didn’t cover a data theft. Sony, which faces a class-action lawsuit, put its losses at $171 million. Some estimates say the losses could cost up to $2 billion.

Other companies have faced losses as well. A study by the Ponemon Institute, released in March, examined 49 U.S companies in 14 different industries. It put the average cost of a data loss at $5.5 million per organization, plus $3.01 million in lost business costs. The cost of lost data was $194 per record.

The heavy price tag comes from tracking down the reasons for the data loss, figuring out what records were taken, notifying customers, dealing with the public, the loss in business from customers leaving the business and, in some cases, a company being unable to function when its computers were down.

Companies could not only face a liability risk from their own employees, if personal data is hacked into or stolen, they can also be held liable for losing a customer’s information or infecting a client’s system through an undetected virus.

Although bigger companies get the headlines when there’s a data breach, smaller businesses are at an even greater risk. They don’t have the deep pockets of the larger companies, so their computer systems could be less protected and an easy target for hackers.

A 2010 survey by Symantec Corp. found that 73 percent of small and midsize companies had experienced a cyber attack and the number of attacks increased by 93 percent from 2009 to 2010.

“This cuts across all sizes of companies and honestly it’s more dangerous for the small to middle market companies because quite frankly they might not have as many funds to spend on IT protection, whether it’s in-house or externally,” says Ken Goldstein, vice president at Chubb Insurance. The company estimates that half of all companies that suffer data breaches have fewer than 1,000 employees. “Inevitably they will have some type of a cyber liability event happen to them regardless of how they prepare,” Goldstein says. “You do not want to be in a situation as a small middle-market company dealing with a breach without the ability to transfer the risk.  It could effectively wipe you out of business.”

 The Wild Wild West

Cyber insurance began in the early 2000s but didn’t get much attention until more recently, with high profile cases like the Sony breach. Unlike insuring a house or a business, which are easy to quantify, companies can find their cyber insurance needs a bit harder to define and that policies differ greatly among carriers.

“They need to work with somebody that specializes in it just to be able to know what’s covered and what’s not,” Marciano says. “They do vary greatly and it’s sort of deemed as the wild wild west right now just because it’s all over the board and the premiums are across the board too.”

Marciano says a typical policy for a data breach would cover the costs of notifying customers, credit monitoring services, hiring a computer forensic investigator, privacy attorney, crisis management, regulatory fines, loss of business income plus privacy and security liability.

In setting rates for cyber insurance, insurance companies examine things like the type of records a company keeps, how well it protects them and whether they have a plan for dealing with a loss or an attack.

“They’re looking at the hygiene of the organization to really see what they are doing to control their risks as far as firewalls, antivirus systems, prevention or detection systems,” Marciano says. “Of course the more they have in place, the more they’re protecting the network from attacks and protecting that sensitive information that they’re holding onto the more chance that they’ll have of getting approved and getting a favorable premium.”

Goldstein says insurance companies look at the type and amount of information a company has, along with network penetration testing and detection methods, plus company policies regarding mobile devices, what encryption methods they use and password control.

Some businesses, particularly smaller ones, might opt for using an outside vendor for securing their data and network.  Goldstein says although this can be a valuable service it does not protect a business from any data loss by the vendor—as the business itself is still primarily responsible in terms of legal liability.

He suggests making sure a contract has an indemnification provision in the event that the vendor is infiltrated and a company’s employee or customer data is put at risk.

“You need to do due diligence on the company that you’re ultimately dealing with and honestly if they’re a company that’s dealing with a variety of other companies they may be pooling your information to some respect with a variety of other companies information,” Goldstein says. “If a breach occurs, are they really going to have a sense of whose information is ultimately at issue?”

There are 46 states that require companies to notify those whose records are stolen. A credit monitoring service is not required by law but many companies offer this protection after a data loss as a way to maintain relationships and reduce the risk of a lawsuit.  The cost of this can also be insured.

What Else to Cover

News organizations and publishing companies already have content liability coverage as a matter of routine and are likely already covered for their online activities.  When non-media companies operate a website, host a blog or use social networking Goldstein says they expose themselves to content liability issues such as defamation, invasion of privacy, copyright and trademark infringement.

Goldstein says a non-media company with a heavy online presence should make sure it’s covered with a robust content liability coverage plan. Marciano says this liability could be covered through cyber insurance or as part of standard business liability since many companies already include advertising liability with their regular insurance coverage.

Other areas of coverage include denial of service, for income loss for when a network goes down, and cyber extortion. Goldstein says there are cases where hackers will steal private information regarding a company’s employees or customers, and demand money for its return. Insurance for this risk could include the cost of the ransom and hiring a negotiator to work on the company’s behalf.

Whether it’s a cyber attack, a system failure or a stolen laptop the odds are that a company will eventually face some type of a data loss.  Just as companies have contingency and business continuation plans in case of a physical disaster, they’ll need more of the same to deal with any cyber-related problems that arise.

“These days it’s not a matter of if a data breach will happen it’s just a question of when so today it’s better to plan ahead so that when it does happen they’re ready to just move forward and act,” Marciano says. “A company has a pretty good chance of having a cyber attack versus losing their entire organization to a fire.”

insurance hackers fraudSome cyber insurance providers offer assistance in incident response planning, with negotiated contracts from pre-approved vendors. Marciano says insurance companies can also recommend vendors to their clients.

Goldstein says a cyber disaster plan could be as simple as choosing which forensic firm a company will use when a problem arises. Other considerations could include how to notify those whose data was lost and legal representation in case of lawsuits or the need to defend the company against regulatory actions.

Preparing for a disaster by reaching out and establishing relationships with vendors can be an important part of an incident response plan. Goldstein says this enables companies to get ideas on cost, the type of assistance a vendor could provide for when a data breach occurs. Chubb also has an incident response template it provides to its customers to help them prepare for what could be inevitable.

“The key takeaway that really any company should have is if you collect, if you store, if you transmit any type of private information that we’ve been talking about you’re exposed to the same type of issues that these companies in the higher hazard areas have ultimately been exposed to historically,” Goldstein says. “You have to ask yourself, what company doesn’t have employee data? What company doesn’t interact with customers where they’re not taking some level of customer information?”

COMMENTS

  • If some one needs to be updated with hottest technologies afterward he must be pay a visit this web site and be up to date all the time.

  • You can certainly see your skills in the article you write. The arena hopes for even more passionate writers like you who aren’t afraid to mention how they believe. At all times follow your heart.

  • This paragraph will help the internet viewers for building up new website or even a blog from start to end.

  • I’ve been exploring for a little bit for any high-quality articles or weblog posts in this kind of house . Exploring in Yahoo I eventually stumbled upon this web site. Reading this information So i’m glad to convey that I have an incredibly excellent uncanny feeling I discovered just what I needed. I most for sure will make certain to do not overlook this site and give it a glance on a continuing basis.

  • tamelabridges5

    This is the right website for everyone who really wants to understand this topic. You realize a whole lot its almost tough to argue with you (not that I really would want to…HaHa). You definitely put a new spin on a subject which has been written about for years. Excellent stuff, just wonderful!

  • alonzoq51850

    naturally like your website but you need to check the spelling on quite a few of your posts. A number of them are rife with spelling issues and I to find it very bothersome to tell the reality however I’ll definitely come again again.

  • kristoferwiliams

    Hello, I wish for to subscribe for this webpage to obtain newest updates, therefore where can i do it please assist.

  • tatianageach263

    Howdy very cool web site!! Man .. Beautiful .. Wonderful .. I will bookmark your web site and take the feeds additionally? I’m happy to search out numerous useful info right here in the submit, we’d like work out more strategies on this regard, thank you for sharing. . . . . .

  • tammitpf592

    Superb site you have here but I was wanting to know if you knew of any user discussion forums that cover the same topics discussed here? I’d really like to be a part of community where I can get opinions from other experienced individuals that share the same interest. If you have any recommendations, please let me know. Thanks a lot!

  • tbxralf5572

    An outstanding share! I’ve just forwarded this onto a coworker who has been doing a little homework on this. And he in fact bought me dinner simply because I found it for him… lol. So let me reword this…. Thanks for the meal!! But yeah, thanx for spending time to talk about this topic here on your blog.

  • andreasbullock4

    naturally like your website but you need to test the spelling on quite a few of your posts. A number of them are rife with spelling problems and I in finding it very troublesome to tell the reality on the other hand I’ll certainly come again again.

  • silkegaby93474

    Heya terrific blog! Does running a blog similar to this require a lot of work? I have absolutely no expertise in programming but I was hoping to start my own blog soon. Anyhow, if you have any suggestions or techniques for new blog owners please share. I understand this is off subject however I simply wanted to ask. Thanks a lot!

  • rgbzak2413

    Admiring the commitment you put into your site and detailed information you present. It’s great to come across a blog every once in a while that isn’t the same out of date rehashed information. Excellent read! I’ve saved your site and I’m adding your RSS feeds to my Google account.

  • hannastockwell

    I think that everything said was actually very logical. But, what about this? suppose you wrote a catchier post title? I am not saying your content isn’t solid, but suppose you added something that grabbed a person’s attention? I mean Consumer Insurance Guide is a little boring. You might glance at Yahoo’s home page and watch how they create news headlines to get viewers to open the links. You might add a related video or a pic or two to get people interested about everything’ve written. Just my opinion, it would make your blog a little livelier.

  • charoletteclever

    Hello everyone, it’s my first go to see at this site, and paragraph is really fruitful in support of me, keep up posting such content.

  • clementjjl

    Hi, all the time i used to check weblog posts here early in the break of day, since i enjoy to find out more and more.

  • simonsams737056

    Hi there, its good article about media print, we all be familiar with media is a impressive source of data.

  • karol20r82

    Thanks for your personal marvelous posting! I quite enjoyed reading it, you might be a great author. I will ensure that I bookmark your blog and will often come back from now on. I want to encourage you to continue your great writing, have a nice morning!

  • ada89m7234

    Hi there Dear, are you really visiting this site on a regular basis, if so after that you will without doubt obtain nice knowledge.

  • laylatill59

    I was more than happy to discover this site. I want to to thank you for your time for this fantastic read!! I definitely really liked every bit of it and i also have you saved to fav to look at new things in your blog.

  • christianetallen

    Hi there colleagues, nice paragraph and good arguments commented here, I am in fact enjoying by these.

  • donnellhacking3

    Hi, its nice piece of writing about media print, we all understand media is a impressive source of data.

  • chongdupuis

    With havin so much content and articles do you ever run into any problems of plagorism or copyright infringement? My site has a lot of exclusive content I’ve either authored myself or outsourced but it appears a lot of it is popping it up all over the internet without my authorization. Do you know any methods to help stop content from being ripped off? I’d truly appreciate it.

  • valenciabrush1

    An impressive share! I’ve just forwarded this onto a friend who has been doing a little research on this. And he actually ordered me lunch because I discovered it for him… lol. So allow me to reword this…. Thanks for the meal!! But yeah, thanks for spending the time to talk about this issue here on your website.

  • tnfallie128759

    First of all I would like to say excellent blog! I had a quick question that I’d like to ask if you don’t mind. I was curious to find out how you center yourself and clear your mind before writing. I’ve had a difficult time clearing my thoughts in getting my thoughts out there. I do take pleasure in writing however it just seems like the first 10 to 15 minutes are usually wasted just trying to figure out how to begin. Any ideas or hints? Cheers!

  • sofiashapcott

    Undeniably consider that which you said. Your favorite reason seemed to be at the net the easiest thing to be aware of. I say to you, I definitely get annoyed whilst other people think about issues that they plainly don’t understand about. You controlled to hit the nail upon the highest and also defined out the whole thing without having side effect , other folks could take a signal. Will likely be again to get more. Thanks

  • svenborowski5

    Wonderful post but I was wanting to know if you could write a litte more on this topic? I’d be very thankful if you could elaborate a little bit further. Many thanks!

  • margartappleroth

    Magnificent beat ! I wish to apprentice even as you amend your web site, how can i subscribe for a weblog web site? The account aided me a appropriate deal. I have been tiny bit acquainted of this your broadcast provided vibrant clear concept

  • bndmilton4

    This blog was… how do I say it? Relevant!! Finally I’ve found something that helped me. Many thanks!

  • rosebottomley29

    Howdy! Quick question that’s entirely off topic. Do you know how to make your site mobile friendly? My website looks weird when browsing from my iphone. I’m trying to find a theme or plugin that might be able to correct this problem. If you have any suggestions, please share. Many thanks!

  • Undeniably imagine that which you said. Your favourite reason appeared to be on the internet the easiest factor to keep in mind of. I say to you, I definitely get annoyed while folks think about worries that they just don’t realize about. You managed to hit the nail upon the top and outlined out the whole thing without having side effect , other people can take a signal. Will likely be back to get more. Thank you

  • It’s impressive that you are getting thoughts from this article as well as from our dialogue made at this time.

  • What’s up, this weekend is nice in support of me, as this point in time i am reading this great informative post here at my home.

  • Hi there to every body, it’s my first go to see of this webpage; this weblog includes amazing and really good data in support of readers.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.