Independent Insurance Agent and Risk Manager
Licensed in PA NJ NY MD DE NC TN VA WV

Cyber Liability – Closing Today’s Largest Coverage Gap

Uncategorized / September 26, 2011

with thanks to Selective Insurance and Westfield insurance…

According to statistics compiled by the Wall Street Journal from the U.S. Secret Service, 61% of internet hacking schemes in 2010 were performed on small businesses. Today, cyber attacks aren’t just targeted to large corporations – any organization that transacts business electronically is at risk.

We have seen a sharp increase in the number of losses that businesses are incurring due to this threat.

You can protect yourself against many of these risks. Today, many companies offer “Cyber Liability” coverage for their clients.  We strongly suggest you consider this protection for your business.

The coverage comes in many forms.  There is no standard policy.  The coverage may include:

Electronic Media Liability:

Helps protect against 3rd party claims from:

  • Copyright, trademark, trade dress, service mark or service name infringement,
  • Defamation,
  • Right to privacy violation, or
  • Plagiarism, that are caused by errors, misstatements or misleading statements in electronic communications.

Electronic Information Security Liability, Security Breach Expenses Coverage or Data Compromise Coverage

Helps protect against 3rd party claims from neglect, breach of duty, or omission resulting in:

  • Transmission of a computer virus to a third party
  • Inability of authorized users to access a company’s electronic information systems (e.g., company website)
  • Failure to prevent unauthorized access to or use of personal information held within a company’s electronic information systems

This coverage designed to help businesses notify and assist their clients and others following a breach of personal identifying information. Data compromise events include theft of electronic files, theft of physical files, accidental loss or inadvertent release and voluntary release due to fraud.

First party coverages (benefiting you, as the insured business) cover the cost of notifying clients, employees and others affected by the breach and provide specialized services that help businesses retain their clients’ and employees’ trust and goodwill following a breach. Services include:

  • Legal review of notification obligations
  • Help to find out who was affected by the breach and how to notify them
  • Preparation of notification letters
  • Toll-free help line
  • Credit monitoring for affected persons

Third party coverages provide defense (within the limits of insurance) and liability costs in the event that affected persons sue your business as a result of a breach.

Legal mandates

  • Most states have enacted laws requiring notification of security breaches involving personal, non-public information which the business controls.
  • Generally, these laws mandate expedient notification “without unreasonable delay” and many statutes impose civil or criminal penalties for failure to promptly disclose.
  • A common misperception is that these statutes apply only to an organization’s clients or consumers. In fact, they pertain to the private records of any individual, including past, present or prospective employees.*

Covered types of data

  • Private, non-public data in the business’ custody or control, including but not limited to: drivers’ licenses, credit account information, Social Security numbers, medical records and other private data
  • Customer data
  • Personnel records for past, present and prospective employees

Identity Recovery Coverage:

This coverage is designed to assist victims of identity theft with recovering control of their identity and correcting their credit history. In addition to reimbursing people for expenses they incur to recover their identity, our identity recovery coverage also includes services to assist insureds in restoring their good name and credit.

Commercial risks – who is covered?

  • Key individuals of the business, depending on the type of business
  • For a sole proprietorship, it’s the owner or co-owner
  • For a partnership, it’s the named partners
  • For a corporation, it’s the owners who own at least 20 percent If no one owner owns at least 20 percent, then the CEO would be the insured

Theft of an owner’s personal information can damage the business in two ways. First, because the owner of the business must devote a lot of time to dealing with the identity theft and the recovery process, and second, because damage to an owner’s personal credit can damage the credit of the business.

What services do the case managers actually perform?

Identity theft claimants referred to a case manager will receive guidance through all the steps in the process to correct their credit history or identity records. Case managers know who to contact, how to contact, what information the creditor or institution will need and how to demonstrate that the victim’s records or accounts have been fraudulently misused.

They will:

  • Work with credit bureaus, creditors, financial institutions, and others to identify errors and help claimants correct their records
  • Enroll victims in an electronic credit monitoring services
  • Request a fraud alert with credit bureaus where warranted
  • Prepare communications for claimants to send the Social Security Administration, their state’s Department of Motor Vehicles and other government entities
  • Provide legal referrals for assistance with court appearances and legal entanglements related to identity theft
  • Work with claimants to check for a recurrence of identity theft problems
  • Keep detailed records of the steps taken and remaining in the process

Is help available if an insured’s credit card is misused?

  • Instances where someone gets a credit card number and makes unauthorized purchases to the insured’s account are not true identity theft.

Limits and deductibles apply to all coverages.  It is best to review your potential exposure with us.  We can then work with you on the best coverage  and premium options