Every day small, medium and large businesses are victims of cyber crimes committed by hackers. There is a cyber liability exposure for every type of business operation—from “Mom & Pop” stores to multibillion-dollar corporations.

Some of the more widely publicized incidents include First Federal Savings Bank, which had $415,000 hacked out of a savings account, and Kaiser Permanente, a health care consortium, which was fined $200,000 for publicly posting 150 patient names and addresses. And these are just a few of the notable accounts. There are hundreds more instances that go unpublished.

Medical offices, hospitals, rehabilitation clinics and nursing homes affected by Health Insurance Portability and Accountability Act (HIPAA) legislation are at risk. In addition, insurance agencies and mortgage companies have faced steep penalties from lawsuits resulting from privacy breaches.

Many insureds think their comprehensive general liability policies will cover these security breaches, but they are wrong. With gaps created by exclusions and endorsements on the general liability policy, special cyber liability insurance coverage has become a necessity.

UNDERSTANDING THE COVERAGE

Exclusions from the CGL form are present in both Coverage A, the coverage part for bodily injury and property damage liability, and Coverage B, which covers personal and advertising injury liability.

The pillar of cyber insurance coverage is the third-party exposure that is covered underneath the standard “stripped down” form. Third-party coverage protects the insured from the daily outside threats of doing business, such as viruses, hackers, transaction processing, compromised information, or communication with customers via the Internet (e-mail and website communication).

It is critical to the safety of securing information and operating systems.

More expansive coverage offered by many insurance carriers includes first-party coverage and media coverage, in addition to third-party coverage.

When comparing various quotes and specimen policies, the most important factor to understand is that there is a drastic difference between the scaled down third-party coverage and the comprehensive coverage offered with the first-party addition and media cover. Some examples of provided protection on the comprehensive cyber form include:

• Breach of duty

• Security costs

• Acts performed by third parties (contractors, vendors, customers, etc.)

• Privacy claims caused by employees

• Media liability (copyright/trademark infringement and personal injury)

Security costs are one of the major benefits of comprehensive cyber liability coverage and include forensic costs, credit monitoring, public relations management and notification costs.

Other notable coverage in the comprehensive cyber form relates to damage caused by a hacker, business interruption and cyber extortion.

There are many additional enhancements that are offered to the comprehensive cyber form, as well. These include multimedia protection, blanket professional liability and even Payment Card Industry (PCI) fine coverage. These coverages can be complex and must be studied by producers prior to presenting or binding.

The first step in selling cyber insurance is understanding the coverage. The next key step in the process is to understand who has exposure and the severity of this exposure. The simple answer is that “all business owners” are exposed. There are, however, some industries where the exposure is more severe and alarming than in others.

There are three major criteria that can be analyzed by an agent, broker or insured to determine if cyber coverage is necessary.

• The first involves recording and tracking clients' personal information including addresses, phone numbers, Social Security numbers, credit card numbers and other sensitive information.

The exposure can come with both paper and electronic records and is covered in the cyber policy either way.

• The second criteria are the operation of a website or server to run one's business.

This includes operation of laptops, BlackBerries, or other portable devices by employees. These open a company to an external threat of viruses, hackers and rogue employees.

• The third and final criteria involve credit and debit card transactions by a business.

This includes companies that do a small number of transactions per day to companies that process hundreds of daily requests.

Once an agent or insured identifies that the exposure is there, it is time to address coverage needs. Keep in mind, cyber liability coverage is complex and consistently evolving. If there are uncertainties in coverage or questions that arise, agents and brokers should consult the company offering the insurance quote.

Nearly every business in operation has been exposed, and stories of substantial losses are spreading through word of mouth and media outlets. With the adoption of technology in the business world, growing Internet threats and future technology advances, the time to position oneself as a cyber liability expert is now.

Special Reports /

Insureds Without Cyber Policies Risk Falling Into CGL Coverage Holes

Related Stories

Recommended For You