It was a story that either tickled funny bones or struck a nerve in the summer of 2015: The hacking of the Ashley Madison adult-dating website and the subsequent release of millions of user identities and their payment information.
Since the news broke last August, everyone from the average Joe to government officials have been linked to the site, and the fall-out looks to be significant.
Your business may be less controversial and more mainstream than Ashley Madison, but there are lessons to be learned from this event. What would you do if this happened to you?
The damage can be extensive
Among the 33 million user accounts revealed in the hack were celebrities, religious leaders, activists, military personnel and government officials. Reputations have been sullied, identities have been stolen and extortion attempts have been made.
A Canadian class action suit worth $578 million has already been filed. For a company that only brought in $115.5 million in revenue in 2014, the Canadian class action suit could bankrupt them, and that is sure to be just the tip of the iceberg.
Cyber liability insurance can and should be purchased for nearly every type of business. This insurance policy would provide coverage for the costs of customer notification, credit monitoring, and even financial losses incurred by your customers.
Continue reading ...
Companies that are hacked may not have insurance coverage in all countries. (Photo: iStock)
You might not be covered everywhere
Ashley Madison and its parent company, Avid Life Media, are companies based in Canada, but their site had worldwide reach. In fact, when Avid Life Media released a statement about the hack, they advised that they were working with not only Canadian authorities, but also the FBI to find the hackers and bring them to justice.
In the meantime, class action lawsuits are filed or being considered in a number of American states including California, Texas and Arkansas. Suits against the Canadian company are being filed in the United States.
Does your business have customers outside the United States? Where do you think those clients would file lawsuits against you if they live and work outside of the United States? (Hint: the lawsuit probably won’t be filed in the United States)
Businesses with customers outside of the United States should pay special attention to the coverage territory of their Cyber Liability policies. Because these policies are most often written on a manuscript form, coverage may be included for other countries, but you have to let your broker know that you need it.
Continue reading ...
Website hosts may not offer any relief in the event of a data breach. (Photo: Shutterstock)
Who can you turn to?
One of the lawsuits filed in the Ashley Madison case was against Amazon Web Services and GoDaddy.com, the two companies that hosted the site on their servers. Users are suing for "intentionally inflicting emotional distress upon Ashley Madison users."
Does your website host have Cyber Liability coverage sufficient to cover the damages if your site is breached? That is unlikely. Would their coverage defend you in the event your site is breached? Probably not.
When you sign up for hosting services you must first sign (physically or digitally) a user agreement. It is a long document that most people don’t read before signing, but buried in the fine print is usually a statement that the host assumes no liability for either the content of your site, or the breach thereof.
In other words, you cannot count on a third party to defend you, and that third party may even come to you looking for relief from any court costs they may incur on your behalf. This adds further damages to an already expensive situation.
Related: How to develop a cyber strategy
You cannot rely on your website host to protect you. Cyber Liability insurance is the best way to protect your business in the event of a data breach.
Continue reading ...
Data breaches are changing the standard for website and personal data security. (Photo: Shutterstock)
What the Ashley Madison breach means to you
The Ashley Madison scandal is an extreme case, and most people probably won’t be sad to see the site disappear. However, there is potential fallout from this case that will affect any company with a website presence that deals in customer data, whether it is personal or financial in nature.
The standard for website and personal data security will change, making security requirements for businesses more stringent. User notification in the event of a breach will need to be faster. No longer will companies be able to reimburse users for stolen money, set them up with credit monitoring, and call it done. The total cost of cyber breaches will increase because of new legislation.
A Cyber Liability policy can be written to cover many things, including forensic analysis, loss of revenue because of loss of reputation, even regulatory defense and penalties. Hackers target websites of every size and in every sector, so it isn’t a matter of if your site will be targeted, but when. Cyber Liability insurance coverage is now more important than ever before.
Galen Hayes is president of El Sobrante, Calif.-based insurance brokerage and risk management firm Hayes Insurance.
Have you Liked us on Facebook?
Want to know more about cybercrime? Then join us at America's Claims Event (ACE), June 22-24, where you'll find solutions to the challenges you and your team face daily. From technology to customer service to fraud and litigation, this two-day networking and educational conference is designed for claims professionals. Register to attend and save $350.