With the emergence of social media, utilizing cloud companies as vendors, and the use of the internet in general for virtually every business, network security claims have become a reality for all types of companies—small, medium, and large. Network security liability, commonly known as cyber liability, is becoming a more necessary and important part of any organization’s liability coverage. Just ask Sony.
Who needs this coverage? Any business managing sensitive customer or employee information, third-party corporate information, a computer network, a website, or social media should consider network security liability coverage.
As a newer product, many clients may not understand what the coverage is for, and many clients mistakenly believe that their current liability policy will cover any potential cyber attack or “hacking” issues.
Below are four key things that agents should discuss with their clients and consider when issuing a network security liability policy.
Understand your client’s industry and the type of information they store. Ask yourself, “What potential risks does the company have? How are the company’s customers at risk?” Different industries gather unique sets of data about their customers. For example, a bank or financial institution will have access to customers’ social security numbers; savings and checking accounts; credit card numbers; and contact information. Even retail companies that offer credit cards have access to customers’ financial data.
It is important to discuss with your clients the types of personal information they gather from customers, how it is stored, and who has access to it online. Understanding the severity of a company’s database being hacked in the event of an emergency will help you uncover the appropriate levels of coverage and guide your clients toward more strategic risk management practices in regard to gathering and storing customer information.
Review the insured’s current coverage. Review with your clients their current insurance policies. Find out what is covered in the company’s general liability and professional liability policies. Look for gaps in coverage and educate the clients on what is currently covered and what is not in their policies. Since network security liability is a newer insurance product and “hacking” is a relatively recent phenomenon, clients may not be aware that they are even at risk, and they may not understand that this type of risk is not covered under their general liability.
Review governmental policies relating to your client’s industry. There are many national guidelines for how personal information is gathered, stored and shared for U.S. citizens. Depending on the industry your client is in, different governmental regulations may apply. For example, in health-related fields, clients must be aware and compliant with patient protection guidelines according to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Also, review the state policies for your client. In some states, it is required that companies notify customers if their personal information will be made available or has potentially been gained access to by anyone outside the company.
Discuss loss of client business due to hacking and the short- and long-term effects on the company. If your client’s database was hacked today, would your client still be able to conduct business? For many “cloud” companies these days, a serious computer virus or a cyber attack could devastate the company’s vital software and database programs needed for daily operations. If this happens, will your clients be covered under their current policies for loss of income? Will a “hacking” issue dramatically affect profits and customer loyalty? Although the immediate effects of a cyber attack may be identifiable, the long-term effects to a company’s brand image and customer trust may take years and significant financial investments to restore. Not all of the risks associated will be insurance-related or covered under any additional policies, but it is helpful to walk your clients through all the potential scenarios, not to scare them, but to make sure they have emergency programs and resources in place.
Technology is one of the greatest business assets available today, providing organizations with global options and access never before experienced. Working with your clients to make sure they are well protected in the event of a cyber attack not only can help your client relationships grow, but also can ensure the future longevity and success of your client’s business.