Every day small, medium and large businesses are victims ofcyber crimes committed by hackers. There is a cyber liabilityexposure for every type of business operation—from “Mom & Pop”stores to multibillion-dollar corporations.

Some of the more widely publicizedincidents include First FederalSavings Bank, which had $415,000 hacked out of a savingsaccount, and Kaiser Permanente, a health care consortium,which was fined $200,000 for publicly posting 150 patient names andaddresses. And these are just a few of the notable accounts.There are hundreds more instances that go unpublished.

Medical offices, hospitals, rehabilitation clinics and nursinghomes affected by Health Insurance Portability and AccountabilityAct (HIPAA) legislation are at risk. In addition, insuranceagencies and mortgage companies have faced steep penalties fromlawsuits resulting from privacy breaches.

Many insureds think their comprehensive general liabilitypolicies will cover these security breaches, but they are wrong.With gaps created by exclusions and endorsements on the generalliability policy, special cyber liability insurance coverage hasbecome a necessity.

UNDERSTANDING THE COVERAGE

Exclusions from the CGL form are present in both Coverage A, thecoverage part for bodily injury and property damage liability, andCoverage B, which covers personal and advertising injuryliability.

The pillar of cyber insurance coverage is the third-partyexposure that is covered underneath the standard “stripped down”form. Third-party coverage protects the insured from the dailyoutside threats of doing business, such as viruses, hackers,transaction processing, compromised information, or communicationwith customers via the Internet (e-mail and websitecommunication).

It is critical to the safety of securing information andoperating systems.

More expansive coverage offered by many insurance carriersincludes first-party coverage and media coverage, in addition tothird-party coverage.

When comparing various quotes and specimen policies, the mostimportant factor to understand is that there is a drasticdifference between the scaled down third-party coverage and thecomprehensive coverage offered with the first-party addition andmedia cover. Some examples of provided protection on thecomprehensive cyber form include:

• Breach of duty

• Security costs

• Acts performed by third parties (contractors,vendors, customers, etc.)

• Privacy claims caused by employees

• Media liability (copyright/trademark infringementand personal injury)

Security costs are one of the major benefits of comprehensivecyber liability coverage and include forensic costs, creditmonitoring, public relations management and notification costs.

Other notable coverage in the comprehensive cyber form relatesto damage caused by a hacker, business interruption and cyberextortion.

There are many additional enhancements that are offered to thecomprehensive cyber form, as well. These include multimediaprotection, blanket professional liability and even Payment CardIndustry (PCI) fine coverage. These coverages can be complex andmust be studied by producers prior to presenting or binding.

The first step in selling cyberinsurance is understanding the coverage. The next key step in theprocess is to understand who has exposure and the severity of thisexposure. The simple answer is that “all business owners” areexposed. There are, however, some industries where the exposure ismore severe and alarming than in others.

There are three major criteria that can be analyzed by an agent,broker or insured to determine if cyber coverage is necessary.

• The first involves recording and tracking clients'personal information including addresses, phone numbers, SocialSecurity numbers, credit card numbers and other sensitiveinformation.

The exposure can come with both paper and electronic records andis covered in the cyber policy either way.

• The second criteria are the operation of a websiteor server to run one's business.

This includes operation of laptops, BlackBerries, or otherportable devices by employees. These open a company to an externalthreat of viruses, hackers and rogue employees.

• The third and final criteria involve credit anddebit card transactions by a business.

This includes companies that do a small number of transactionsper day to companies that process hundreds of daily requests.

Once an agent or insured identifies that the exposure is there,it is time to address coverage needs. Keep in mind, cyber liabilitycoverage is complex and consistently evolving. If there areuncertainties in coverage or questions that arise, agents andbrokers should consult the company offering the insurancequote.

Nearly every business in operation has been exposed, and storiesof substantial losses are spreading through word of mouth and mediaoutlets. With the adoption of technology in the business world,growing Internet threats and future technology advances, the timeto position oneself as a cyber liability expert is now.