Who needs cyber liability? Just about anyone who uses electronic data and electronic equipment containing personally identifiable information in their business requires protection from cyber attacks and the resulting lawsuits. Cyber liability policies are fairly new; however, demand has been increasing significantly as businesses, large and small, collect and maintain personal information. Policies can include both first-party liability, where the loss is directly to your firm, and third-party liability, which would apply to lawsuits against your firm that allege a form of injury.
Cyber risks may encompass identity theft and business interruption from a hacker’s breach of data such as driver’s license numbers, credit card numbers and Social Security numbers, as well as the release of this sensitive information via human error in an email to unintended recipients or intentionally by a disgruntled former employee. Damage to a firm’s reputation, theft of valuable digital assets, including customer lists and business trade secrets, and the introduction of malware and worms are becoming more frequent, particularly in the real estate industry.
While cyber liability is most commonly associated with computers, it extends to other widely used electronic devices such as phones, laptops and tablets. A high percentage of data breaches occur as a result of stolen devices. There is also the danger of data release by paying your bills from unencrypted devices such as the Apple Watch.
Additionally, if information is outsourced and maintained by a third-party IT service, there may be greater exposure to cyber liability risks due to security deficiencies in its system and maintenance that you can’t control.
Also be wary of the cloud. If any of your data or your website is stored in the cloud, you are legally responsible even if your cloud provider mishandles your data.
What is done with the stolen information? Identities are stolen, loans and purchases are made, extortion attempts, spam, phishing and other scams are sent, and denial-of-service attacks are launched.
The average cyber liability claim is in excess of $700,000, with the cost of legal defense just below that figure.
The cost of a data breach is approximately $225 per record, including the cost of investigation, lost business, disruption to your business, class action lawsuits and regulatory fines.
You may be familiar with the largest and most publicized cyber attack, which affected 80 million Anthem Inc. health insurance customers and was carried out for the thieves’ financial gain. As Social Security numbers were exposed, this left the consumers open to identity theft for life! This breach also enabled the filing of fraudulent tax returns, credit card fraud and medical identity theft.
Another well-known case was Target Corp., which had a massive data breach that exposed the credit and debit card information of 70 million customers. Crisis management was expensive: the company paid over $250 million to manage the breach, of which approximately $100 million was offset by insurance. Cyber attacks are not restricted to businesses; they can be a threat from terrorists, nation states, activists and cyber criminals seeking to gain political, military or economic advantage.
As data breaches occur more frequently, there are additional pressures for businesses to step up efforts to protect the personal information in their possession.
It is advantageous to know your firewall, whether your system is protected by anti-virus software, whether the sensitive data you store on your system is encrypted, how you authenticate employees who work remotely, and how your data backup and storage are handled.
It is important to note that most general liability policies do not cover cyber liability. There is an exclusion for claims based on the loss, damage or corruption of data or the inability to use it. Cyber liability coverage requires the purchase of a special cyber liability policy that is tailored to the size and scope of your business operations. Some policies can extend coverage to your paper-based data and to data in the custody of vendors, outsourcers or independent contractors.
What is being done to protect us? State insurance regulators are continuing to work with financial regulators and Congress to identify specific threats and develop strategies to protect our financial infrastructure. A uniform data breach notification standard will contribute to this success.
Nancy Bloom is an insurance agent at Gundermann & Gundermann Insurance, Huntington, N.Y.