Cyber attack can strike any business, anytime
Businesses, beware: Cyber liability victims come in all shapes and sizes, exposures may come from any direction, and nearly all organizations are potential targets. According to the Ponemon Institute, a Michigan-based research center dedicated to privacy, data protection and information security policy, 51 percent of CEOs surveyed reported experiencing a data breach either hourly or daily.
The victims are often unsuspecting and, unfortunately, frequently uninsured against cyber attacks. Cyber attackers prey on local store owners who collect customer email addresses for promotions, for example. They stalk car dealers whose salespeople communicate with potential buyers via smartphone. They target service providers who accept credit cards. Any business or employee that uses the Internet is vulnerable. According to the Ponemon Institute, employees’ personal smartphone and tablets are the devices most susceptible to security breaches. A mobile study found that 68 percent of employers allow employees to use their own mobile devices at work, yet 81 percent had no knowledge of the regulated data that reside on those devices.
“These facts are startling,” says David Derigiotis, assistant vice president, Burns & Wilcox Professional Liability Center of Excellence. “Business owners aren’t fully aware of how vulnerable they are when it comes to mobile device exposures and cloud computing.”
Derigiotis advises brokers and agents to talk to all of their commercial clients about obtaining data privacy coverage before disaster strikes.
What specifically should they discuss? He suggests they pose the following five questions to their commercial clients:
- Do you store sensitive data about your clients such as personal, financial or medical information?
- Does your organization use computers, mobile devices and/or the Internet?
- Are you aware of the costs associated with a data breach? How could a breach affect your business from a financial and reputational standpoint?
- Can you trust everyone of your employees? What if an employee stole client information for personal benefit? What if an employee lost confidential data or submitted sensitive customer information to the wrong recipient?
- Do you understand all of the regulatory, state and federal laws surrounding data breaches? If you experienced a breach, would you know what to do?
When retail brokers and agents shop for a wholesaler to place their business, it’s important to know about coverages and the wholesale broker’s experience and capabilities.
What should be covered within data privacy? Here are some points to consider when evaluating the options:
- Liability coverage for identity theft, breach of privacy, failure to protect confidential client data, transmission of spyware, viruses and malicious code
- Available limits for forensic analysis, notification and call center costs, and credit monitoring/ID theft prevention services.
- Unauthorized access to named insured’s laptops, storage media and paper records
- Worldwide coverage
- Loss of business income
- Extra business expenses incurred during recovery
- Restoration of a network
- Theft of money and payment of extortion demands
- Full liability limit available for defense of proceedings instituted by privacy regulators
Questions to ask your wholesale broker about data privacy:
- What exactly is covered?
- How do you distinguish a good product?
- Every carrier is different, how do you know which carrier to recommend?
Escalating competition in the tech liability space often means better terms for clients, Derigiotis says. “Pricing for cyber and privacy liability is more affordable than it has ever been, but it’s important to ask the right questions.”
The rise of cloud computing adds a new exposure wrinkle. “We are seeing more businesses using the cloud for IT-related services,” Derigiotis notes. “Businesses that use the cloud are essentially outsourcing their network, applications, and other computer based functions to be managed over the Internet. This is a cost-saving approach for many businesses and it grants 24/7 access to their outsourced provider for any troubleshooting tasks. But business owners need to be concerned with this approach because there is a loss of network control and security. However, coverage is readily available for these exposures.”
Brokers and agents should also talk to business clients about securing media coverage, advises Derigiotis. “Any company that has a website with copy written material or a comments section has exposure. Business owners can be responsible for libel committed by their employees who are writing on the websites.” Advertising agencies, brand/marketing consultants, social media agencies, public relation firms, press and literary agencies, web design companies and telemarketing companies are especially vulnerable, Derigiotis notes. “Any company that publishes web content should look at media coverage. Traditional policies don’t address the new media threats that companies are facing today.”