From the April 2012 issue of Claims Magazine •Subscribe!

Corporate Identity Theft

Minimize Risk of Reputational, Financial Harm

Corporate personhood is the notion that corporations have rights and responsibilities similar to those of an individual person. It follows that if a corporation has the same rights and responsibilities as a person, it can also have an identity and thus be the victim of identity theft.

National Public Radio (NPR) recently reported on the growing trend of business identity theft in which perpetrators pose as legitimate businesses to steal customers or to gain access to the business or to customers’ financial information.

The NPR story focused on the owner of a pest control business who opened the Yellow Pages to find three other listings with the same company name, none of which were affiliated with him. While he had no way of knowing for sure, he assumed customers were calling the impostors thinking it was, in fact, his business. He worried that impostors would either harm his company’s reputation by providing inferior services or use his name to acquire customer information.

Other tactics identity thieves may use include establishing lines of credit under the business’s name or resurrecting defunct businesses without the original business owners’ knowledge and taking out loans and lines of credit.

Standard commercial property and liability insurance covering tangible property generally does not adequately address cyber risks, such as corporate identity theft. Coverage can be obtained for some exposures under a cyber liability policy. These policies contain coverage for losses such as privacy notification expenses—the cost to notify customers of security breaches that have left their financial information exposed—e-business interruption, e-theft, and e-vandalism.

Cyber Liability Programs
The policies can usually be underwritten on either a package or a stand-alone basis, depending on the company’s size. Stand-alone programs for larger risks are available on a modular or menu-driven framework and are generally tailored to the company’s specific exposures. Cyber liability programs normally cover both first-party and third-party liability, including errors and omissions.

Coverage for security breaches and identity theft can vary considerably from one company’s Internet liability form to the next. Many provide no coverage or only partial coverage in their base forms for what is often referred to as unauthorized access, unauthorized use, and associated coverages. It is often recommended by cyber risk experts that a policy specifically state that it covers identity theft and/or credit card fraud or that the policy at least grants coverage for negligence generally in the performance of insured services and not contain any applicable exclusion.

While insurance is one way to manage the risk of corporate identity theft, it obviously does not come into play until the damage is done. It may be a long time before the identity theft is discovered, and the company’s reputation could already be in jeopardy at that point. The best practice is to take steps to avoid or minimize the risk. Some areas businesses should consider when framing an anti-identity-theft plan include the following:

  • Protect personal information. Most companies maintain some sort of files containing personal information, be it credit card numbers, patients’ medical histories, or employees’ or job applicants’ Social Security numbers. This information may be received via Web sites,  email, and call centers as well as in person. This information can be stored in a variety of computers, flash drives, filing cabinets, copiers, or mobile devices. Steps must be taken to secure personal information, either physically behind lock and key or electronically using network security measures. Employee training on the proper way to handle, store, and dispose of this type of information is also vital. 
  • Protect business records. In addition to hacking into company networks and using other high-tech methods, identity thieves continue to use low-tech methods such as intercepting mail, stealing trash, or physically taking documents. Companies should evaluate what records are needed to maintain the business, inventory those records, and use electronic statements to limit the amount of mail containing company information. The company should never share financial details or documents through email.
  • Monitor credit and other activity. Businesses should check credit reports on a regular basis and be on the lookout for unexpected charges or bills. 

The Federal Trade Commission’s Web site ( provides many tools businesses can use to formulate a plan and to protect themselves and their customers from identity thieves.

While companies may rely on insurance to address some of the losses resulting from corporate identity theft, by taking measures to minimize the risk, a business may avoid damage to its credit history and reputation.

Page 1 of 3

Resource Center

View All »

Complimentary Case Study: Helping achieve your financial goals By:...

Find out how a Special Investigation Union used TLOxp to save the company money and...

Do Your Clients Hold The Right CDL License?

Learn about the various classes of CDL Licenses and the industries that are impacted by...

Integrated Content & Communications: A Key Business Issue For Insurers

Insurers are renewing their focus on top line growth, and many are learning that growth...

High Risk Insurance Coverage in the E&S Market

Experts discuss market conditions, trends and projected growth in a rapidly changing niche.

Top E-Signature Security Requirements

This white paper covers the most important security features to look for when evaluating e-signatures...

EPLI Programs Crafted Just For Your Clients

Bring us your restaurant clients, associations and other groups and we’ll help you win more...

Is It Time To Step Up And Own An Agency?

Download this eBook for insight on how to determine if owning an agency is right...

Claims - The Good The Bad And The Ugly

Fraudulent claims cost the industry and the public thousands of dollars in losses. This article...

Leveraging BI for Improved Claims Performance and Results

If claims organizations do not avail themselves of the latest business intelligence (BI) tools, they...

Top 10 Legal Requirements for E-Signatures in Insurance

Want to make sure you’ve covered all your bases when adopting e-signatures? Learn how to...

Claims Connection eNewsletter

Breaking news on disasters, fraud, legal trends, technology, and CE initiatives for the P&C claim professional – FREE. Sign Up Now!

Claims-Handling Guidelines

Claims Magazine is providing the following free guidelines and regulations in order to help adjusting professionals stay abreast of each state’s unique property and casualty claim-handling requirements.

View our State Guidelines »

Advertisement. Closing in 15 seconds.