NU Online News Service, June 16, 9:59 a.m. EST
ATLANTIC CITY, N.J.—Cyberspace is the next employers practices liability exposure, as the threats to agents’ personal and customer information are real, and almost too numerous to imagine, a consultant says.
With high-profile cyber attacks and an arsenal of schemes to gain personal information, no matter how good agents believe their computer security is, they are vulnerable to having information stolen and need to protect themselves, says Steven D. Lyon, a consultant with Lyon Consulting Services in Pequannock, N.J.
His comments came during the annual conference of the Professional Insurance Agents of New York and New Jersey in Atlantic City, N.J.
Addressing a room filled to capacity, Lyon says that in the past insurance was focused on protecting and covering tangible assets. Today, insurers and agents can no longer make that their sole focus. Insurers have to extend coverage to the intangible, primarily information stored on hard drives to protect it from being destroyed or stolen. Because that information has become so valuable, the industry must now consider additional protections.
“The brick and mortar days are out, they’ve been replaced by click and surf,” says Lyon.
Protection of privacy data is imperative, not only from a liability standpoint, says Lyon, but also to avoid damage to the agency’s reputation.
A story he tells is how he collected personal financial information from a client for a bond coverage. The client says he was uncomfortable giving the information, but Lyon tells him it would be safe. For years he faxed the information over to the insurer.
One day, the client got a phone call from a stranger telling him that he had just received a fax with all the financial information the client worried would be revealed.
All it took, Lyon’s says, was just one phone digit entered wrong to expose his client’s information. While he did not lose the account, the client never released the information to him again and would personally mail it to the carrier.
“One slip, one tiny mistake, can damage your reputation,” Lyon says.
To protect themselves, Lyon advises agents to limit the amount of information they collect.
“If you don’t need it, don’t collect it,” says Lyon. “Get rid of what you don’t need.”
To get rid of paper documents, agents should buy micro-cut shredders, because identity thieves can paste together shreds from more conventional shredders. Also, hard drives need to be totally destroyed. Deleting the information doesn’t get rid of it from the hard drive. Only the destruction of the hard drive will ensure information can’t be stolen.
When it comes to giving out information, confirm who you are giving information out to.
Lyon illustrates this with a personal story when American Express Security called him after a trip asking him if he had made certain charges. He had not, and security then went ahead to confirm some information by asking some questions.
He balked at answering when they asked for the security number on the card and told them he would call back. He called the American Express number and got security.
He explained what had just transpired and wanted to confirm it was American Express. The security official told him they never made the call. They quickly surmised that with all the personal data they had collected on him, the thieves did not have the card’s security number and were fishing for it.
Agents, he warned, need to protect themselves, and purchase insurance coverage to fill in the gaps.
Among just a few of the gaps:
• Electronic Data Liability
• Business interruption coverage that not only covers interrupted services, but also covers the investigation for the reason for the loss.
• Loss Event Liability Insurance that covers losses to third parties for e-business losses.
• Public relations coverage to pay for the expenses incurred while the agency rebuilds its reputation.
The cyberspace business exposure, he says, will be “the next big deal” in the liability arena. When thefts occur “attorneys will have a field day” if an agent can’t prove that they protected a client’s data or advised clients to purchase cyber protection insurance.
Offering help to agents, PIA Management Services covering New Jersey, New York, Connecticut and New Hampshire members recently introduced cyber liability protection for agents.
There are two policies. One is underwritten by Philadelphia Insurance Co. and is a stand-alone program. The other is by Utica National Insurance Group and is an optional endorsement to a new or existing policy. That form is still pending approval in New York.