Cyber Liability: Questions to Ask About Your Coverage
We’ve all heard the stories of overseas hackers breaking into networks to steal credit card numbers, and other private information. The fact of the matter is, it’s happening with increasing frequency, and even though you think your network is protected by passwords and firewalls, a privacy breach is a growing possibility. You should know that cyber liability is not specifically covered under most existing business insurance – you need to develop an insurance solution especially for this.
Why doesn’t your general liability policy cover you? Most business coverage protects your computers themselves, not the data they contain. General liability specifically excluded copyright claims, trademark and trade secret infringement. Personal injury provisions generally relay on “publication” — an undefined term that may apply to dissemination of material pirated from your computers. Yes, there have been some instances of coverage for computer network privacy breach under general liability coverage, bit if you rely on this for coverage, you may find yourself in deep trouble.
Neither will Business Interruption coverage help. Though its an important part of any business coverage solution, it will not respond to outages caused by computer viruses or hackers. Plus, California and 46 other states require notification to individuals whose records have been compromised, as well as fines and penalties if you neglect to report the breach. I can help develop insurance solutions to cover these issues. Just remember, your existing general liability coverage does not provide reimbursement for the expenses required to comply with the law in the event of a breach.
What does this coverage cost? First of all, NOT being covered for the cost of a breach could end up costing you a lot more. While cyber liability is still a relatively new concept, I’ve found that there are very affordable insurance solutions to fit the budget of every business. Just remember, if you don’t purchase this coverage, you will be liable for first-party expenses including hiring forensic IT experts, notification of customers, providing annual credit monitoring, lawyer expenses and any applicable state or federal fines or penalties.
You have an IT department and firewalls. Do you need more? A growing percentage of data breaches occurs as “inside jobs” — caused by rogue or disgruntled employees, or just plain dumb mistakes. Employees leave passwords exposed, open malicious spam e-mails, lose their laptops, tablets and smart phones – in fact, a large number of security breaches are caused by employee action. Keep in mind that paper records can create security problems as well: customer information, old credit card receipts and employee files that have been thrown into the trash are just as vulnerable as if a hacker logged into your network.
You use a third party for reservations and credit cards. Why do I need coverage? If you’re among the growing number of businesses that process credit cards online or take online reservations, chances are you are using a third party vendor and you are not storing the data on your own network. But you should know, if your customers’ information is breached on your vendor’s network, you are still responsible.
What are California’s privacy notification laws, fines and penalties? In California, S.B. 24 requires the inclusion of certain content in data breach notifications including a description of the incident, the type of information breached, the time of the breach, the toll-free numbers and the addresses of credit-reporting agencies. In addition, S.B. 24 requires the breached business to send an electronic copy of the notification to the California Attorney General if a single breach affects more than 500 residents. (California already requires notice to the Department of Public Health for breaches involving patient medical information).
Remember that cyber liability is a relatively new concept, and insurance solutions are constantly evolving. The fact of the matter is, you need protection, and I can help. If you’d like to continue the conversation about this issue, I look forward to hearing from you.