Security & Privacy
The threat is very real. A business is more likely to experience a loss due to a hacker incident or network breach than a fire.
The exposure
More than 9 million Americans had their identities stolen each year at a total estimated loss of $15.6 Billion according to an FTC commissioned survey in 2006.
According to a Ponemon Institute Study, the average cost per record is $214 in 2010, up from $182 in 2006.
It seems indisputable that we are all exposed like never before to the threat of security and privacy losses. And as businesses increasingly house data and information online and in the “cloud”, the cost associated with an information security breach is steadily climbing, and the repercussions are wide-reaching.
Is there really any way to gauge the security of a company’s computers? Privacy Rights Clearinghouse, a nonprofit consumer advocacy group, stated in a study it conducted that because there are so many ways that a company’s sensitive data can be compromised there really isn’t any way to gauge the security of a company’s computers.
IT analysts and consultants agree, and point out that while technical security systems continue to improve, e-risks still exist because the threats continue to evolve and stay one step ahead of the security safeguards.
Legal Environment and Expanding Liability
Network Security and Privacy laws are still in their infancy, but new theories of liability are gaining traction in the courts and the legal liability landscape is sure to continue to change with future court decisions. What seems certain is that evolving case law and legislative initiatives point to a trend toward greater liability for data breach and privacy perils. Lawyers further point out that legal negligence can be emphasized by non-compliance with a growing list of privacy and government regulations that govern the security of certain data.
With constant media attention to this problem and increasing reliance on the internet and third party business partners, businesses today are aware of their susceptibility to attacks and/or network breach incidents. What they need to better understand now is what the insurance options are to protect them.
The Insurance
While a strong program of risk mitigation is essential for maximum financial protection related to data breach and privacy perils, insurance is part of an effective risk management strategy.
Like technology itself, the technology risks market place is ever changing. Understanding what is available and what a given policy covers can be challenging.
There are more insurance companies now offering some form of security and privacy policy that provides first and third party coverage to respond to many types of losses associated with security and privacy risks.
What is frustrating is that the policy forms and premium rating plans are far from being standardized and vary greatly in both the breadth of coverage offered and premiums. What’s more, the language used in these multiple agreement forms adds to the complexity of navigating through them, and comparing coverages between various insurance products. As the number of insurance products expands the difficulty of staying on top of all the information increases.
As a specialty coverage brokerage and intermediary RF Ougheltree & Associates, LLC has committed resources to follow the development of this specialty coverage from the start and is qualified to assist Brokers and Agents and their clients to support exposure identification, coverage analysis and policy placement to fit an insured's risk profile.
Market
The industry for this sector is now made up of over [25] companies that in the aggregate have over $200 million in limit capacity. The majority of this capacity is distributed through the surplus lines channel. There are a number of different products available in the market. Some carriers target small business only while others target larger and higher risk accounts. Still more, the security and privacy coverage can be bundled with other commercial insurance coverages to simplify the task of effectively insuring risk.
Eligible Classes:
No restrictions. All classes are eligible for this coverage including higher risk classifications that include:
- Auto Dealers
- Data Processing Firms
- Disaster Recovery Firms
- E-Commerce Businesses
- Educational Institutions
- Financial Institutions
- Healthcare
- Retail
- Technology firms
Coverage:
- Admitted & Non-Admitted forms
- Primary and Excess
- Worldwide coverage
- Limits capacity of over $200,000,000
- Privacy Liability
- Coverage for theft of personally identifiable non-public information in computer data and hard copy form and liability arising from failure to comply with state breach-notice laws.
- Coverage for failure to comply with the insured's privacy policies.
- Computer Information Security Liability
- Third party coverage in response to unauthorized access, theft of or destruction of data, denial of service attacks and virus transmission involving the insured's computer systems resulting from computer security breaches.
- First party coverage for losses arising from failures to prevent network security breaches
- Breach response coverage for forensic costs to discover what caused it, costs of legal assistance, notification, credit monitoring, call center expenses and loss prevention services
- Regulatory fines and defense costs
- Coverage for destruction and loss of data
- Business interruption
- Cyber extortion
- Crisis Management for public relations and consulting to deal with lost customers and damaged reputation
- Cross over coverage extensions for Content on the insured's website and internet-related exposures including advertising injuries that are not covered under many of today's general liability policies.
- Risk Management Services
Applications:
Basic Coverages for Small Businesses
Modular package - including GL and Office Package
Articles:
Cyber Risk in 2012: Get Your Head in the Cloud
Managing Cyber Supply Chain Risks
Silent Internet Data and Hacking Threats
Making social media work for you:Eight tips for reducing legal risks.
Other Coverages:
All or most other coverages that comprise the RFO practice are appropriate.
While coverage is available in the traditional monoline form, an increasingly popular policy format for offering protection is bundling coverage as a package.
There are two basic packages that are gaining in popularity: a comprehensive version that lets the insured select from a full array of coverage modules to match their risk profile, and a specified limited version with cross over options for media liability/ internet E&O which is designed to address intellectual property, defamation, deceptive trade practice issues that arise directly from a company’s Internet sites and activities, and professional liability insurance. For eligible risks the General Liability and Office Package can also be included.
Contact a staff broker to discuss a particular account.
All insurance product and/or coverage descriptions are informational only. It is neither an offer to sell nor a solicitation to purchase any particular insurance product. Coverage may not be available in all jurisdictions.