Intro to Cyber Insurance
All it takes is one clever hacker or virus to invade your business network and lead to a data breach that can cause massive consequences and financial implications for your company or organization. While ongoing advances in technology and cutting-edge systems help businesses work more efficiently, go paperless and obtain greater gains, these innovations can also leave businesses vulnerable to cyber liability and new exposures to risk.
What is Cyber Liability Insurance?
Cyber insurance is coverage for a broad range of scenarios in which sensitive stored information might be damaged or lost.
The loss of your data property, ideas, confidential corporate information or its inappropriate publication can interrupt your business or cost you time and money. You can also face legal consequences for losing third party information, plus federal law and/or laws in 47 states, Puerto Rico, and the US Virgin Islands require you to notify those owners of the loss within certain time frames.
Unfortunately, traditional insurance doesn’t cover intangible data or intellectual property, especially digital bits and bytes. For this kind of risk, you will need cyber liability coverage.
Cyber Liability addresses the first- and third-party risks associated with e-business, the Internet, networks and informational assets. Cyber Liability Insurance coverage offers cutting edge protection for exposures arising out of Internet communications.
Are You At Risk?
Anyone who collects personal or other sensitive data is at risk. You could be at risk if your files or databases contain any of the following information of third parties or even employees:
- Personal identification information, like SSN’s, email or street addresses and phone numbers
- Credit information, like credit card numbers or billing information or credit reports
- Financial records, including investments and bank information for payroll direct deposits
- Online access information, like user names and/or passwords
- Health records and health insurance information of students or program participants
- Information governed by non-disclosure agreements
For more go to Cyber Risks
The concept of Cyber Insurance takes into account first- and third-party risks. The risk category includes
- Privacy issues
- Infringement of intellectual property
- Virus transmission
- Hacker attack
- Employee Sabotage/Rogue Employee
- Cyber extortion
- Systems Malfunction
- Data stored on laptops and other portables
- Any other serious trouble that may be passed from first to third parties via the Web. This includes any information stored on the cloud
- Information stored both offline and online
- Business Interruption and data restoration
- Breach of non-disclosure agreements
- Notification costs and regulatory defense
- Advertising and other content
- Crisis management and PR costs
- Rogue employees
When do I need Cyber Liability Insurance?
Anyone with a Web site now has the legal liabilities of a publisher. The Internet-that technological wonder of worldwide communication-has spun a whole new “web” of liability exposures.
Creating a Web site is simple. The exposures that come with it are not. Privately owned companies that venture onto the World Wide Web face liability exposures that are emerging, evolving, and complex.
Commercial companies that disseminate information to the public via Web sites face the same legal exposures as publishers, yet most have little or no concept of their resulting legal responsibilities. Moreover, new legislation continues to create potential liabilities, particularly in the areas of user privacy and domain name infringement.
Businesses involved in setting up websites as well as anyone who disseminates information to the public, need to consider new risk scenarios such as:
- Infringement of intellectual property rights
- Breach of confidence or infringement of privacy
- Misuse of any information which is either confidential or subject to statutory restrictions of use
- Inadvertent transmission of a virus
- Damaged, altered, corrupted, distorted, misused digital assets
How prepared is your company for:
• Identity theft resulting from lost or stolen Social Security numbers or credit card, driver’s license, or financial information?
• Hacker malfeasance resulting in theft of confidential information or costly e-vandalism?
• A lawsuit stemming from a security failure or alleged technology error or omission that results in damages to customers?
• A lawsuit alleging intellectual property, trademark, or copyright infringement?
• A lawsuit alleging invasion of privacy, libel, slander, defamation, or product disparagement involving information residing as email; on laptops, PDAs, flash drives, or servers; or on the Internet?
• An e-business interruption resulting from a security failure or Internet virus?
• A cyber extortion threat?
• Costs related to privacy notification, crisis management, and disaster recovery?
What every business needs to know about data breaches:
• The culprit is often someone close to your business. A surprisingly large proportion of data breaches are carried out by insiders—over half by some estimates—or by business partners. A trusted employee could be the culprit.
• The perpetrator could live halfway around the globe. To vandalize your building, a criminal must be on site. But a hacker can operate from anywhere in the world. Organized cyber crime rings operate worldwide 24/7.
• Size doesn’t matter. Half of all companies that suffer data breaches have fewer than 1,000 employees. • Any company can be hit. Cyber criminals don’t care where they steal private information from: retailers, health care institutions, manufacturers, professional service providers, media and entertainment companies, and financial institutions are all likely to be targeted.
• A breach can result from a simple mistake. An employee might misplace a laptop, Blackberry, or computer tapes or leave these in an unsecured location, such as an unlocked car.
• Cyber risk is steadily increasing. Data breaches affect hundreds of millions of records a year and reports of breaches continue to rise at a dramatic rate.
The costs of data security breaches can be significant:
• Many states require companies to notify all of their customers if a breach is even suspected and to take necessary steps to correct the situation—a cost estimated at up to $30 or more per customer. Multiply these costs times your company’s total number of customers, and you’ll see how they can quickly add up.
• Often overlooked is the potential loss of confidence in your organization by your customers and potential customers when a security breach occurs. The fact is that a cyber security failure can significantly impact shareholder value, as well as corporate stability, reputation, and financial performance.
• Until a data breach occurs, there’s really no way to know the extent of the leak or the financial devastation it can cause. Maybe that’s why businesses often underestimate their data security breach risks. Even if your business uses state-ofthe- art security controls, your customers, shareholders, and corporate assets are still at risk from a determined criminal element that can bring operations to a grinding halt. When you stack up the potential costs brought on by a data security breach, risk mitigation—through insurance coverage and loss prevention—is more than a smart investment. It’s business critical.
Why do I need Cyber Liability Insurance?
Traditional liability products including your General Liability, Business Owners Package and Umbrella Coverages do not address Internet exposures and the risks involved in Internet business have blossomed with the Net itself. That is why you need Cyber Liability Insurance.
By disseminating information to the public via a website, commercial businesses now have some of the same exposures as publishers. These include conventional publishing exposures such as copyright infringement, defamation and invasion of privacy, as well as emerging exposures related to operating on the Web.
Traditional insurance policies may not be enough. Think of the potential for trouble:
- A copyrighted image is displayed on your company’s web site without the image owner’s permission
- You find out too late, that your company web site’s domain name has already been claimed by someone else
- The metatags used on your company’s web site are trademark names owned by another company
- Your company’s new web site accidentally includes unfavorable remarks about your competitors
- An outside third party is able to access your customer’s propriety information through your site
The universe of potential plaintiffs is staggering, given the number of people and organizations that are currently surfing the Net, a potential legal action from just one of them could be costly. In a 1999 case, a company improperly used a sports celebrity’s name and photograph on its web site, and the celebrity sued for the “fair market value” of his name, plus additional damages of $750,000. Clearly, the potential liability associated with web site content is already great, still growing, and rapidly evolving.
For a company operating in today’s high tech world, your computer network will more than likely provide internal and external email. You will probably have your own web site providing information about your company, its products and services with even the possibility of e-commerce.
Coverage that should not be considered optional anymore:
Some businesses operate under the belief that their existing insurance policies are enough to cover their data security exposures. Unfortunately, many policies address only specific exposures with dedicated limits that don’t extend to the full breadth of data security breach exposures the way Cyber Liability Coverage does.
Who should have Cyber Liability Insurance as a part of their overall business coverage?
Cyber Liability Insurance for Healthcare, Biotech, and Medical Offices
Healthcare Industry has Specific Risks Protecting the privacy of patients is basic to the operations of any healthcare facility. That privacy can be compromised; personal information can be obtained in many ways and used inappropriately. The risks are not only that the information will be damaged, stolen, or misused; the actual or implied theft of improperly protected electronic data also can result in an extortion threat. The costs and distraction of a hacker’s extortion demand that threatens to shut down an entity’s system or to expose confidential information can be enormous. In addition to the direct costs related to the extortion demand, a facility can have major expenses, including those for the required notification of patients related to the real or threatened release of their identity information. Many states require companies to notify all of their customers if a breach is even suspected and to take all necessary actions to correct any breach
The integrity of computer systems can be breached even with firewalls, virus detection, and many other safeguards in place. A breach can even result from a simple mistake such as a misplaced laptop or inadvertently unprotected back-up media. Whether because of internal incompetence, malicious intent, or the desire to extort money, computer systems and the information they hold can be damaged, pilfered, or held hostage. Facilities cannot function without computer systems providing accurate and timely records, controlling systems, and monitoring vital information flows.
Even the use of email is problematic. An email could result in the crash of another party’s network or transmit a computer virus or other type of malware. In addition, an email, web file, or blog or forum posting could result in allegations of defamation that are costly to defend. Legal actions can be related to security failure or alleged technology error or omission, intellectual property theft, trademark or copyright infringement, invasion of privacy, libel or other defamation, and even product disparagement
Media/Cyber Liability Insurance hybrid coverage is designed for the following sectors of the e-commerce and Internet world:
- e-Professionals– providing traditional professional services over the internet
- Information Technology Professionals– website developers, systems/computer consultants, cloud computing, network engineering, etc
- E-commerce Companies– companies existing only on the net and “clicks & mortar” companies, and content providers such as portals, search engines and specialty providers of content
- Internet Advertisers– traditional organizations utilizing the internet for marketing
Coverage for Your Business and Stakeholders:
Any business who collect Personal data including employee data should have coverage. A company’s networks carry a unique loss potential. The potential exists for hackers/crackers, viruses and malicious code to cause damage throughout the entire virtual enterprise. The damage to your own computer system can also have a dramatic impact on your corporate stakeholders.
The company may experience direct damage (First Party) or liability claims (Third Party). In either case, the security breach in your system may cause untold damage to others linked to your system who depend on your stability.
If your system becomes the point of compromise, you have a fiduciary responsibility to protect your corporate stakeholders at all cost:
- Customers – If your company releases sensitive customer information, how can they be damaged? What will be the impact on your relationship going forward.
- Suppliers/Vendors – If a hacker uses your system to attack your supplier, how will they respond? Will they initiate a retaliation attack? How will the relationship survive?
- Executives/Board of Directors – What will be the cost of embarrassment and humiliation to your board of directors and corporate executives? How will they shoulder the responsibility for e-business interruption?
- Shareholders/Investors – if your e-business fails, how will your shareholders and investors respond? How could your e-business activities harm the trust between you and your financial backers?
- General Public – If users on your system send out malicious code, what will be the impact on the rest of the Internet? How could your e-business activities harm innocent users in your country and around the world?
It is no longer enough to think about cyber risk management after the fact. Denvertechinsurance.com serves to protect corporate stakeholders from cyber liabilities.
What are some examples of actual claims regarding Cyber Liability Insurance?
Some recent examples demonstrate the wide range of technology losses from e-commerce and Internet organizations:
- Denial of service hacking
- User posts libelous material on a bulletin board
- Webmaster uses another site’s content in site development
- Theft of client’s credit card numbers
- Another party’s unauthorized use of your on-line content
- Introduction of a virus into a client’s system
- Inadvertent release of client’s confidential information
- Theft of product designs
- Web site design that does not function correctly
- Employee makes derogatory comments about a competitor
- Employee steals client data
A typical Cyber Liability policy might include the following clauses:
a. First party coverage:
1. Information assets: Actual losses sustained by the insured as a result of a failure of its security system.
2. Cyber-extortion: Threat or connected series of threats to commit an intentional computer attached against the insured.
3. Business interruption: Lost profits and expenses resulting from damage to the insured’s computer network caused by a breach in security.
4. Crisis management: Cost of hiring a public relations, crisis management, or law firm to restore the confidence of the insured’s customers and investors in the security of the insured’s computer system, following a breach in security.
b. Third party coverage:
1. Display of Internet media: Display of any media, including advertisements, on the insured’s website; claims for slander and defamation, copyright infringement, domain name misappropriation, trademark infringement, improper deeplinking or framing, and other items.
2. Providing professional services: Claims for negligence related to a number of Internet professional services (application service providers, domain name registration services, e- commerce transaction services, Internet hosting services, Internet service providers, search engine services, and other Internet related services).
3. Breaches of security: Insured’s damages as a result of breaches of insured’s computer security.
1. Losses from a certified act of terrorism
2. Intentional torts and employee violations of computer network security
3. Physical damage to the computer network caused by traditional perils such as fire, earthquake, wind and water.
C. Other insurance products can go further and protect:
a. Patent infringement
b. Other risks in certain specific Internet businesses (i.e. internet publishing, website hosting, etc.)
Here are the sections of coverage that should be in every Cyber Liability Insurance Policy.
- Liability Coverage, which covers damages from loss or compromise of sensitive third party data, like patient medical records. It also covers liability arising from damage to a third party’s network because the insured’s network caused a data breach, such as if a virus traceable to the insured’s network infects another network. And it covers e-media issues, like libel or slander or misuse of a company’s trademark.
- Privacy Notification Expense Coverage, which covers the cost to notify every person whose privacy has been breached. Often that includes providing the victim services like credit monitoring, identification theft monitoring or restoration of a stolen identity.
- Regulatory coverage, which covers the company’s costs if the breach triggers investigation by state or federal authorities.
- Industry group coverage, which handles fines assessed by industry associations for data breaches. For example, Visa, MasterCard and Discover have established a Payment Card Industry-Data Security Standard. If a credit card issuer fails to adhere to the standard, it can be fined. The coverage handles the fine.
- First party coverage, which handles loss of revenue from network interruptions caused by a security breach, or the cost of restoring lost data.
- Forensic Costs to determine how the breach occurred
- E-threat/Cyber Extortion
- E-Vandalism paying the cost of malicious damage when the vandalism is caused by an employee
- Regulatory Fines-particularly important to healthcare businesses that could be assessed a HIPPA/HITECH fine for a breach on top of all the other costs.
Ten questions that every company should ask:
1. What is the nature of the data that may be compromised in a network security breach incident?
2. What is the scope of the business risk that would arise from an attack on the network that involves the loss of data, the corruption of its integrity or the inability to access that data?
3. What technology controls have we used to mitigate this risk?
4. To what extent will our existing insurance policies cover this exposure?
5 What are the features and limits of cyber-risk policies available to address the residual risk, and how much do they cost?
6. Could we implement additional controls now to qualify for cyber-risk insurance at a lower cost?
7. Are there any additional controls the insurance underwriters would require as a condition for coverage?
8. Are there other steps we can take to reduce exposure to data breaches involving vendors and independent contractors who handle our data?
9. Until the courts address and resolve potential cyber policy coverage issues, what legal uncertainties will we continue to face, and can
those be addressed by negotiating endorsements?
10. Whatever our decision today, under what circumstances should we revisit these issues?
Cyber criminals are smart, and they are highly motivated because there are billions of dollars out there for the taking. It’s tough, if not impossible, to stay a step ahead of them. Because your firm getting attacked is probably not a matter of if, but when, procuring a robust, tailor-made Internet or Cyber Liability policy is necessary.
Cyber Liability Coverage For Business
Identity Theft Protection with Restoration for Pennies per day with Kroll/ID Shield
Value of A Kroll Consultation and Restoration ID Shield has an exclusive relationship with Kroll to Restore YOUR identity
IDShield vs Credit Monitoring Did you receive a notice from Anthem or another entity that your data was breached? Do you understand that Credit Monitoring is just that “monitoring for someone opening up credit with your data” and does nothing to restore an identity that is stolen with the breached data…..and this can occur months/years after the breach occurred and past the date of any free monitoring. It also does nothing to help if someone is using your identity for other purposes
Complete Your Coverage with Legal Services includes free calls to attorneys, free contract review, and free will!