Professional & Cyber Liability

Cyber Liability Insurance

Many companies will have a data breach incident - the question is, can you handle it if it happens to you?
Cyber Liability insurance addresses the very real risk of the exposures an organization may face arising out of a data breach involving internet communications and computer network activities. A data breach, which is the release of sensitive, protected, private information which is in the care, custody or control of an organization, into the wrong hands, can be a devastating loss to that organization. You are responsible for protecting this information and can be liable if it is compromised.

Cyber Liability Insurance - Is Your Company Prepared For A Data Breach?
Despite our best efforts to insure the integrity of sensitive data, we find ourselves vulnerable to numerous forms of intrusion. Being vulnerable is not a criticism of your company's IT people, or their efforts to protect this sensitive information. After all, the federal government , with their seemingly unlimited resources, and whose undoubtedly best efforts have been made to protect information, have fallen prey to hackers on more occasions than we are likely to appreciate.

In addition, a number of newly adopted legislation and regulations makes organizations responsible for safeguarding the personal and confidential data they collect, and an array of state and federal laws (HIPAA, for example) provide significant penalties against companies that fail to protect this sensitive information. Companies are liable for customer credit card information, financial transactions, medical history, and many other types of privileged and private information.

Any organization that stores Personally Identifiable Information (PII) is at risk for a data breach.

Personally Identifiable Information can include, but is not limited to:

  • Protected Health Information (PHI)
  • Credit card information
  • Financial information
  • Social Security numbers
  • Driver's License numbers
  • Business Information of others
  • Employee or client information


There are many scenarios where this information might be compromised. Your employee might inadvertently leave a laptop on a plane or in a cab. A computer might be stolen. An employee might accidently send an email containing personal client information to the wrong recipient. Payroll records or a computer hard drive might not have been disposed of properly. A third party vendor who has access to your information might have a system failure putting that information at risk. A back-up drive could be stolen or lost. A dishonest waiter might steal credit card information.

What If A Data Breach Occurs?
Most often a data breach will be discovered by a customer. You might receive an angry phone call from a client saying an unauthorized charge has appeared on their credit card and they believe your organization was involved.

Now the clock starts ticking - what steps must be taken?
If you have Cyber Liability coverage with a carrier who is well-versed in this matter, you will be dealing with a "Breach Coach" who will quarterback the whole process:

  • The source of the breach must be identified.
  • The breach must be isolated.
  • Customer notification - when a data security breach is discovered, notification must be made to all the affected individuals. Some states even require companies to notify all their customers if a breach is even suspected. Notification can be handled through mail, telephone, email, or through the news media depending on the size of the breach and jurisdiction where the breach occurred. These costs have been estimated to be as high as $30 per customer, and in many cases more. If the breach involves Protected Health Information (PHI) you may have violated HIPAA Privacy rules - there are 47 different state laws regarding notifying patients of a privacy breach.
  • Legal - you must be prepared to handle any Privacy Injury lawsuits, and deal with fines and penalties.
  • Brand protection - what will this do to your organization's reputation? How can you control the potential damage through PR, publicity and social networking sites?


What Protection Can A Cyber Liability Policy Offer?
Cyber Liability policies are designed to address exposures resulting from two types of damages -"first party" and "third party". First party is when your own information is breached, and third party is when customer or partner information your organization has in its possession is breached.

Cyber Liability Coverage can include:

  • Privacy Liability
  • Network Liability
  • Media/Website Liability
  • Business Interruption/Extra Expense relating to the breach
  • E-Business Interruption
  • Data Restoration
  • Crisis Management Expenses
  • Expenses to notify affected parties
  • IT forensic costs to determine how the breach was caused
  • Electronic Media Liability
  • Cyber Extortion
  • Cyber Terrorism



 

 

 

Important Note - The information on this site is general in nature. Any description of coverage is necessarily simplified. Whether a particular loss is covered depends on the specific facts and the provisions, exclusions and limits of the actual policy. Nothing on this site alters the terms or conditions of any policies. You should read the policy for a complete description of coverage. Coverage options, limits, discounts and deductibles are subject to availability and to individuals meeting underwriting criteria. Not all features available in all areas.