August 2011: Cyber Liability

The ‘digital universe’ is accelerating–employees use more mobile devices, consumers share more personal data, and companies find new ways to utilize this data. Statistics show that less than one third of the information in the digital universe has at least minimal security or protection…

  • Have you fully identified your data that could be at risk?
  • Are you confident that you have adequate controls and security to protect this data?
  • Is your IT department current on daily evolving threats?
  • Do you have a system intrusion disaster recovery plan?

Most businesses have taken steps to secure their computer systems but the reality is that no system is impenetrable. Recovering from a breach can be expensive and time consuming–determining the cause and the extent of the breach, complying with notice laws, handling public relations, resolving lawsuits from customers and clients–can truly destroy a business!

Are you exposed?

As businesses are forced to become technologically savvy to compete in today’s marketplace, they may not be aware of emerging risks that could threaten the bottom line, or more importantly the reputation of their businesses.

Most businesses today operate:

  • computer networks
  • internal and external emails
  • customer and company databases
  • social media sites
  • websites with or without an e-commerce component.

These are all avenues for:

  • inadvertent transmission of a computer virus or malicious code to someone else’s system
  • sending emails that crash another party’s network
  • unauthorized access to your system by a third party, hacker, etc.
  • theft of data resulting in disclosure of or misuse of confidential information
  • theft of system resources
  • allegations of infringement of copyright, trademark, trade name, title or slogan
  • allegations of defamation as a result of emails, web contact, blog or forum postings
  • extortion.

Criminals are out there 24/7 sabotaging or stealing information and not just from Fortune 500 companies. However, cyber criminals are not the only ones putting you at risk. You also have the potential of being exposed by:

  • an employee losing their laptop or mobile device allowing access to sensitive data
  • a rogue employee posts to a blog or social media site slandering another company
  • an employee’s network password being compromised
  • paperwork containing private information (social security numbers, bank account numbers, driving license numbers, etc.) being visible on an employee’s desk and not securely locked when not in use

When one of these happens to your business, the cost will be substantial–both in expenses and loss of reputation. So the question becomes, why wouldn’t you transfer the financial risk to another party–an insurance carrier?

Cyber Crime Statistics

For 15 years, the Computer Science Institute (CSI) has conducted an annual survey of IT security professionals across the United States.

The 2010/2011 CSI Survey reports:

  • 41.1% of respondents experienced at least one cyber security incident during the survey period.
  • 22% of respondents said at least some of those incidents were targeted attacks aimed specifically at their company.
  • 67.1% experienced a malware infection.
  • Only 8.7% said security incidents included financial fraud.
  • 40.9% said at least some financial losses due to cyber security threats were caused by malicious insiders.
  • 60.5%, said some losses were due to the accidental actions of their own employees.
  • Only 27.5% reported any cyber intrusions to law enforcement and just 3.6% reported incidents to the public media. Belief that law enforcement could not help, that the incidents were too small to report, and fear of negative publicity, were the top reasons.

2010/11 CSI Computer Crime and Security Survey, used with the permission of the Computer Security Institute, GoCSI.com.

Breach Examples

The phrase “Cyber Breach” has become part of our lexicon in recent years and these breaches have become very expensive for both business and the general public. 45% of reported cyber breaches cost between $250,000 and $1,000,000 to remediate.

In 2011 alone, these reported breaches have made the news:

  • SONY Playstation network: 77,000,000 accounts affected
  • Citibank network: more than 300,000 accounts affected
  • NASDAQ’s internal website was hacked

These large companies have full IT departments that monitor for this type of illegal activity and yet they still were breached.

For a small business it could be as simple as an employee’s laptop or USB drive being stolen or misplaced to a computer malfunction that distributes customer information in a mass email or posts it to a web site. These can be accidental or malicious, generated by an employee, or your business system could be hacked and/or a virus injected.

Consider these actual security breaches which you could experience as well:

  • A hacker stole all of a company’s customer data then blackmailed the company by threatening to post it publicly or sell it to a competitor.
  • The Nature Conservancy in Arlington, VA lost the records of 14,000 current/past employees and their dependents. The data loss occurred when an HR employee’s laptop was infected with spyware while visiting a sports-related website. This type of web-browsing activity is very common in the workplace.
  • A Nevada woman purchased a used computer from a pharmacy discovering that it still contained the prescription records including names, addresses, social security numbers and all medicines of the pharmacy’s customers.

As vigilant as you are to protect yourself, the criminals that conduct this type of activity are always one step ahead. One way you can mitigate the damage is to have a cyber liability policy in place.

Cyber Liability Protection

Businesses of all sizes have some level of these exposures and breaches placing their financial assets and reputation at risk. The losses resulting from cyber breaches are typically excluded by standard commercial liability policies as they respond to claims arising out of bodily injury to others or damage to tangible property. Damages arising out of cyber activities do not normally meet a general liability policy’s definition of bodily injury nor result from a property policy’s covered causes of loss.

Some carriers offer an endorsement to their Commercial Package or Businessowner policies to extend some Cyber Liability protection. However, often the limits offered are lower than needed and the coverage is not as extensive as a stand alone Cyber Liability policy.

Cyber policies vary from carrier to carrier so they must be examined carefully to determine which provides the best coverage for your business. They can include coverage for:

  • first and/or third-party
  • loss of income and extra expenses incurred
  • cost of notifying potential data breach victims and required third parties
  • cost of services for breach victims (i.e. proactive monitoring service, help line, identity restoration case management, etc.)
  • litigation including legal expenses, judgments, and settlements
  • regulatory investigations including legal expenses, judgments, and settlements
  • state notification expenses
  • crisis management expenses

Coverage is provided by a limit per incident or claim and subject to a policy aggregate and deductible. The premium is determined based on your specific business activities and thus loss potential, limits, and deductible elected, etc.

A benefit of having a policy is that it enhances your financial stability and gives peace of mind as you navigate business in the necessary but unclear digital universe.

How we can help you…

Every facet of our society is affected–business, government, military, social media–and the likelihood is increasing. We can work with you to identify your exposures and find a carrier to provide the best protection for your assets. Can you afford to wait any longer to protect your business? riskmanagement@tooleinsurance.com

Phone

 


There’s nothing like talking to a real, experienced agency professional. Please give us a call. No obligation, no hard sell – we’re here to answer your questions and get you connected to the information you need to make a decision.
413-243-0089