Edward Snowden may be a thorn in the side of the National Security Agency. Yet, his actions have highlighted the importance of cyber security and the need for cyber liability coverage. This is a critical issue, which agents and brokers should be discussing with clients.
Most business entities have digital content stored on email systems, websites, laptops, cell phones or computer networks. This content is vulnerable to damage by viruses, hackers, identify thieves, employee saboteurs and cyber terrorists. Damage to electronic data can disrupt a firm’s business operations, creating income losses and generating extra expenses. Data losses that involve sensitive information can result in lawsuits against the firm and damage its reputation.
Cyber exposures can also arise from company websites. Information a company publishes can lead to claims for defamation, plagiarism, invasion of privacy or infringement of intellectual property rights.
Cyber liability policies offer a menu of coverages so that insurance buyers can adapt the policy to meet their needs. Here is a quick overview of the coverages typically provided.
- Crisis Management Coverage: Covers the costs of a public relations consultant to reestablish your business reputation. Intended to mitigate additional damages from the data breach.
- Damage to Electronic Data: Covers the cost of replacing or restoring electronic data that has been lost, corrupted, altered, damaged or stolen due to a hacking event, a virus or other malicious computer code or a denial of service attack.
- Business Interruption and Extra Expense: Covers loss of business income and extra expenses incurred during the period of restoration due to an interruption of the insured’s business operations due to a covered event. Many forms cover cyber terrorism.
- Crime Coverages: May cover extortion demands based on threats to harm the insured’s data or computer system. May also cover funds transfer fraud and/or computer fraud.
- Computer Forensics: Covers the cost for a thorough security audit of your computer systems to identify the source and scope of the data breach.
- Notification costs: Covers your cost to fulfill any obligation you have to notify third parties of an actual or suspected breach of personally identifiable information.
- Credit monitoring: This is a necessary service to mitigate potential identity theft claims. Covers the cost to provide credit monitoring and fraud alert services to affected customers.
- Network Security: Covers claims arising out of the insured’s failure to prevent a virus from damaging data or a hacker from gaining access to a computer system.
- Privacy Liability: Covers claims arising from the insured’s failure to protect the privacy of customers and other parties. Some forms cover claims by the insured’s employees as a result of breaches of employee data.
- Website Media Liability: Covers damages against the insured resulting from certain intentional torts like invasion of privacy, public disclosure of private facts, defamation, libel, or slander. Also covers violations of intellectual property rights like infringement of copyright, trademark, trade name, trade dress, title, slogan, service mark or service name. Plagiarism and domain name infringement may also be covered.
In the wake of the Snowden affair, the NSA will undoubtedly reassess its security protocols. Clients should reassess their cyber security practices as well. The odds are if their business hasn’t been hacked yet, it will be. And if it has already been hacked, it will probably be hacked again.