Cyber Liability

Information Security and Privacy Insurance AKA

Cyber Security Liability

 

Privacy, Data Breach and Cyber Liability-OH MY!

 What is the cost of a data breach?  The Ponemon Institute research reveals the cost of a data breach is $214 per customer record. www.ponemon.org.

 What is a breach?: A breach is defined as an event in which an individual’s name,  social security number, drivers license number, medial record or a financial record/credit/debit card is potentially put at risk-either in electronic or paper format.

 Recent developments in laws such as HIPPA, Gram Leach Bliley Act of 1999 and FACTA,-Fair and Accurate Credit Transactions have made employers responsible to notify their customers in the event of a security breach and may require credit monitoring for up to one year.

 Cyber Liability insurance is insurance coverage that is designed to provide protection against data breaches, network security, intellectual property, privacy issues, error and omissions as well as other internet or technology related problems.

 Cyber liability insurance can also cover data breaches related to the physical loss of laptops and other computer equipment when they are stolen by employees or people outside of the corporation.

 Why you need this coverage:

 Your employee’s company laptop is stolen from his home. The laptop contains the private financial information of your customers. Your customers sue you for damages resulting from your failure to protect their private information.

  •  Your employee inadvertently downloads a destructive virus that spreads to their files housed on your computer network. Your client downloads information from your website, allowing the virus to spread to the client’s computer system and resulting in widespread loss of data and a computer network shutdown. Your client sues you, contending you should have prevented transmission of the virus. The client seeks damages for the lost data and economic loss caused by the network shutdown.
  •  Security breaches have affected Sony, TJ Maxx, Hannaford Super Markets and many more.
  •  47 States now have Breach Notification Requirements

 A traditional insurance program does not protect against cyber liability exposures. A specialized insurance policy is required to protect your business from hackers, attackers or just plain bad luck.

 Each insurance policy is unique. It is important to identify your level of risk and choose an insurance product that fulfills your needs. Items to consider are: forensic investigation to verify the breach, crisis management, notification costs, cost of system repair and security restoration, extortion coverage-pays expense to investigate and settle as well as arranging payment.

 Other coverage to consider include liability for defense of proceedings initiated by regulators, vicarious liability for data entrusted to third parties and credit monitoring expenses for clients.

 Tips on how to manage your cyber liability risk:

  • Have a formal process in place to update software, firewalls and anti-virus programs.
  • Safeguard mobile devices that hold sensitive personal data. Encryption is a key tool to so this.
  • Safeguard personal information within the workplace and restrict access to staff.
  • Develop a firm set of operations and procedural guidelines.
  • Implement regular training on security procedures.
  • Make sure you have a crisis management plan in place which has been rehearsed and can be executed as soon as you detect a potential security breach.
  • The first 24 hours of a security breach is critical; implement the crisis plan immediately.
  • Purchasing an insurance policy will assist in covering the major costs associated with a security breach. An insurance company will also have resources available to advise you on how to handle the situation.

 There are several websites that you can find the latest information on breaches as well as regulatory information. If you would like some additional information there are several websites that you access.  Below are two recommended websites.

  http://www.idtheftcenter.org/ http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml