In today's 24/7 business world, companies and their customersare consuming, sharing and storing data at an unprecedented rate.This data has in fact become one of an organization's most valuableassets, but unfortunately it can also be its most dangerous.

Most businesses are not aware of the risks associated with thisinformation or the best ways to protect it from harm.

In addition, the use of social media and networking initiativeshas brought hidden risks to businesses they never thought possible.The ownership of Internet risk is a gray area, and customers orusers of Web sites that do the wrong thing can now expose companiesto unseen liability–ranging from data piracy and intellectualproperty infringement to reputational harm and libel/slanderlawsuits.

Many companies, however, are blind to these risks. Even someinsurers are finding themselves behind the curve.

What's urgently needed is an understanding of the risks posed byWeb 2.0 and the development of strategies to address those risks,including new insurance products.

One big concern is whether Web-based communities will becomeliability breeding grounds.

Web 2.0 encompasses the social networking and social mediaaspects of the Internet. There's Facebook and YouTube, niche sites,and corporate-sponsored online discussion groups.

Companies started social networking sites to connect withcustomers. Individuals and businesses jumped on blogs, wikis,professional networking sites, audio and video file-sharingcommunities, and user groups.

For companies, the data explosion means they no longer solelycontrol their brand and message. For individuals, it means everyaspect of their online personas is fair game for marketers,criminals, hackers and others.

And in virtually every corporate or individual case, there is anentity–a corporation, an organization, data processor, applicationservice provider, e-commerce company, or networking or file-sharingservice–that has legal responsibility.

How did we get to the point where this risk grew with scantunderstanding and minimal risk-transfer strategies?

Over the past several years, companies have been focused one-commerce data-breach risks, such as the inadvertent or criminaldisclosure of credit card and Social Security numbers. To be sure,those risks are real and continue to grow.

But Web 2.0 liability is emerging as an equal if not greaterrisk.

As data grows in importance, affecting everything from stockprices to consumer confidence, it has soared in value. Informationthieves, black market data buyers and data brokers have swooped in.In general, the more detailed (or salacious) the information, themore valuable it is and the greater the liability.

Currently, businesses are facing three major threats:

o Data privacy breaches

o Intellectual property violations

o Media/advertising risks

Operating under the misconception that cyberspace is controlled,secure and anonymous, many people post intensely personalinformation about themselves.

Sites and communities of all types have vast treasure troves ofdetailed information, including profiles, history and behavior.They are also vast e-mail and storage repositories. It's not hardto imagine an on-rushing wave of class-action lawsuits if thisinformation were to be exposed.

Intellectual property violations, one of the early social mediabattlegrounds, continue to threaten brand identity and reputationas well as valuation. MarkMonitor, which specializes in onlinefraud protection, determined that online sales of counterfeit andgray-market goods will cost businesses $137 billion this year.Tiffany has sued eBay, Viacom has challenged YouTube, and the listgoes on.

There are also media and advertising risks, including thedissemination of false, misleading, discriminatory or harmfulinformation, and direct attacks on competitors.

A big problem is that the liability of such Web usage hasoutpaced risk-transfer strategies. Companies and the insuranceindustry have lagged as the risks have accelerated. Evenforward-thinking, risk-focused companies are racing to catch up.While it can be done, companies and their insurers must takeimmediate action. Top management must understand that theircompany's valuation now includes information assets, liabilitiesand risks.

For many companies, suggested first steps include coordinatingcompany leadership in critical departments such as marketing, riskmanagement, legal and information technology. Marketing and salesdepartments are often chiefly responsible for collecting andanalyzing data. Other departments may not even be aware of thescope of the effort.

The goal is to have a clear, comprehensive picture of what datais being collected, how it's being stored and protected, and whatit's being used for. Legal, risk management and IT experts can thencollectively analyze and mitigate the risk as a united front fromall angles: operational, technical and policy.

The next critical step for a company to take is a review of itsexisting insurance policies. General commercial liability andumbrella policies do not cover the majority of activitiesassociated with Web 2.0 and social media liability.

Given that the landscape is evolving so quickly, it's importantto find a broker or agent with specific Web 2.0 knowledge andexperience, not just general cyber-liability expertise. Finally,the broker and the company's leadership must work together todevelop a custom policy that addresses specific needs andthreats.

Although each company is different, some general areas ofcoverage include:

o Third-party coverage for data privacy and network securityliability; Internet and electronic media liability; andprofessional services liability.

o First-party business interruption coverage in the event of anetwork security breach.

o First-party cyber-extortion coverage for threats against dataand identity theft.

o Intellectual property coverage for advertising and technologyproducts.

o Reimbursement for expenses related to responding to a majorprivacy event, such as notification of affected parties, dataprivacy regulatory fines and investigation of the event by outsideexperts.

The Web 2.0 insurance market is fast-changing and characterizedby continuous development and innovation. Insurers, agents andbrokers–and their clients–need to educate themselves regardingcyber-liability insurance products in order to stay current withtechnology, legal and regulatory developments.

The Web has revolutionized how we live and do business. The fullimpact of Web 2.0 liability is still mostly unknown and litigationis just beginning.

Unlike past risks, which have been easier to identify and lessfluid, Web 2.0 liability changes day to day. This nascent areaoffers the insurance industry the opportunity to step up and leadthe effort to protect businesses from the unseen liabilityassociated with social media and networking so that clients canexplore these new business opportunities without falling victim tothe hidden risks.

Art caption: