What You Should Know About Cyber Risks

Mar 28, 2012

Digital information is being used by businesses more and more.  As we progress forward with more technology and methods of using digital information such as mobile devices, laptops, phones etc., the instances of data theft and breaches which result in private information being exposed are more and more likely to occur.  When we talk about Cyber Risks, we are talking about security and privacy risks.

With the rise in cyber related incidents, it is important to know and understand if your insurance is covering you in the event of a data loss or data breach.

The following are examples of cyber related breaches.

  1. An employee’s laptop is stolen or a USB drive that stored private information?
  2. A hacker breaks into your network and steals all your customer data.
  3. An employee accidentally distributes customer information in a mass e-mail, on printed material, or posts sensitive data on a website

What do all of these examples have in common? None of the losses would be covered under typical business insurance policies.

Commercial general liability policies cover claims against your clients for damage to other’s property, but damage to data is specifically excluded.  Not only is the damage to data excluded, but damage (including bodily injury) caused by a loss of data is specifically excluded as well.  This means the full financial impact of these incidents would fall directly on your business.

Many endorsements and or policies to cover data are readily available.  There are many versions of “cyber liability” policies available in today’s marketplace, and it is important to have a broker who will carefully review terms and conditions to make sure that the policy will do what you expect.  If you are dealing with private information in any way you need some form of coverage to protect your business.  Covering these exposures is not as expensive as you might think.

It is recommended that you have a data risk assessment performed by an IT professional who specializes in data security.  In this way you will know what your weaknesses are and can fix them before a breach happens.  A risk assessment along with adopting the best practices demonstrates that a business has done their due diligence, and when documented, can serve as a defense when a cyber threat impacts their employees or customers.

Broker vs. Insurer? It is more advantageous to negotiate a Cyber-Liability policy through a broker, rather than negotiating directly with an insurance company. Why?

  • Insurance is a business. The less claims are paid, the more profitable the insurance company will be.
  • A broker represents your interests and has extensive knowledge in negotiating with insurance underwriters to get you the best deal. He facilitates claims reimbursements making certain that reimbursements are correct. He has no conflict of interest when negotiating on your behalf.
  • Your personnel may not be specifically trained in cyber liability.  It’s far better to use someone who is fully familiar with the ins and outs of this type of insurance.
  • It doesn’t cost you more to use the expertise and professional services of a broker.

Susan Kattoo
Executive Vice President
McPhee & Associates, INC