Articles

If You Think You Don’t Need Cyber Liability, Think Again

Photo Credit:Flickr/Perspecsys Photos
Photo Credit:Flickr/Perspecsys Photos

In this digital day and age of infinite storage in the cloud and most of the world conducting business via computer and the Internet, any business that thinks they don’t need cyber liability coverage needs to be aware of the cold hard facts. Consider the following: In 2014, according to the non-profit Identity Theft Resource Center (ITRC), there were 342 data breaches exposing 9,015,970 personal records.  Target, eBay, Home Depot and American Express are just a few of the major corporations who were hacked. In 2015, one of the biggest data breaches occurred at the IRS.

How do you think your club would fare if a cyber thief hacked into your members’ records? It is not just the major corporations that are being hacked. Small businesses in every industry are constantly experiencing these breaches. Any company that stores consumer information and relies on technology is vulnerable.

No matter how your customer’s information is accessed, whether an employee laptop is stolen or someone hacks into your system, a cyber insurance policy can help you not just weather the storm, but in many cases keep you in business. Many businesses do not understand the scope of cyber liability and how it has grown.

The first cyber coverage insurance policy was written about 20 years ago. During that period it was only technology companies that were purchasing errors and omissions (E&O) insurance as it was called back then. Over time this coverage extended to include events like a software product shutting down another company’s network, unauthorized access to a client’s system, data destruction or a virus.

Roughly a decade ago, those E&O policies began to expand providing coverage for breaches of confidential information. Retailers and other companies who held substantial consumer data took notice and wanted similar coverage even though they weren’t providing technology services.

Those companies, understandably, wanted standalone cyber products that covered network security and privacy liability. This is an important evolution in light of the fact that those exposures are so dominant in today’s world.

Typically today’s cyber coverage is some combination of four components: Errors and omissions, media liability, network security and privacy.  You may or may not know what combination would best serve your club’s needs. However, your current insurer should be able to help you select the most beneficial combination of coverage based on your understanding of each component.

Errors and Omissions: 

E&O covers claims arising from errors in the performance of your services. This can include technology services, like software and consulting, or more traditional professional services like lawyers, doctors, architects and engineers.

Media Liability: 

These are advertising injury claims such as infringement of intellectual property, copyright/trademark infringement and libel and slander. Due to the Internet presence of businesses today, technology companies have seen this coverage migrate from their general liability policy to being bundled into a media component in a cyber policy (or a separate media liability policy). Coverage here can extend to offline content as well.

Network Security: 

A failure of network security can lead to many different exposures, including a consumer data breach, destruction of data, virus transmission and cyber extortion. The culprits might be looking to shut your network down so you can’t conduct business, either for financial or political gain. Network security coverage can also apply if you’re holding trade secrets or patent applications for a client, and that information is accessed due to a failure of your security.

Privacy: 

Privacy doesn’t have to involve a network security failure. It can be a breach of physical records, such as files tossed in a dumpster, or human errors such as a lost laptop, or sending a file full of customer account information to the wrong email address. Companies have also faced liability from returning a photocopier with a hard drive that contained unwiped customer tax records. A privacy breach can also include an action like wrongful collection of information.

All insurers use different terminology for cyber coverage; some subdivide the four components above even further, which means that cyber policies can be very difficult to read and compare. Ask your insurance company about cyber liability or give us a call to discuss the options for your club.