Retail businesses are in the crosshairs of hackers, according to a recent report from Trustwave, a provider of on-demand data-security and payment-card compliance solutions to businesses.

Indeed, retail businesses—specifically the cardholder data they possess—were the primary target of cybercriminals in 2012, says Trustwave. About 45 percent of the company's investigations were in the retail sector, followed by food and beverage (24 percent), and hospitality (9 percent).

“Cyber could very well be the largest part of the exposure picture for these retail businesses,” says John O'Connor, vice president of strategic product & platform development for Travelers Small Commercial.

What makes the retail industry so appealing to cyber thieves? The sheer volume of payment cards used in these industries makes them obvious targets, says the Trustwave study. Stores also tend to be relatively easy targets: The main focus of the organizations operating in these spaces is customer service, not data security.

Awareness among retailers of the exposures they face when storing customers' data and swiping their credit cards has increased significantly—and this, in turn, has led to a “tremendous uptick” in interest in Cyber Liability coverage, says David Derigiotis, assistant vice president of the special risk division at Burns & Wilcox.

Frequent reports of costly and embarrassing breaches in the mainstream media have helped fuel these inquiries from insureds.

“And many of these reported breaches are tied to retail,” Derigiotis notes. These retail businesses, big and small, are being targeted, “and many of the smaller business can't afford the reputational damage or the massive costs related to customer notifications.”

So the chance for carriers to provide insurance solutions and add premium dollars—and for agents and brokers to aid their clients and add to their own coffers—is enormous and undeniable.

“There is a big opportunity here, with new business popping up everywhere,” says Tim Streck, assistant vice president of commercial product at Nationwide Insurance. “Agents have the chance here to forge some great relationships.”

Lew Dryfoos is one of those producers on the front line, helping his clients evaluate and insure against their Cyber risks.

“These are people I know; I frequent their businesses in town,” says Dryfoos, president of the Dryfoos Group of insurance agencies in eastern Pennsylvania. “A data breach is one of those things they might not think about—but it can shutter the doors if it happens.

“It is so expensive [without insurance coverage] to do the right thing, and a lot of these businesses aren't the types that can absorb these costs,” he adds.

Luckily for business owners, the industry's Cyber Liability and Data Breach insurance offerings are extensive—and not expensive.

Carriers are constantly innovating new Cyber products, and competition for business is fierce. Both of these facts are to the benefit of buyers.

“There are so many different carriers, with different tweaks in coverage—there are unbelievable deals to be had,” Derigiotis says.

Small retail-business owners can obtain coverage for everything from the costs of investigating a suspected data breach, to the costs of recovering data, to payouts for customer notifications, attorney fees and liabilities from potential lawsuits.

Endorsements for additional services, such as public relations costs, can be obtained as well.

BIGGER BETTER BOP

Another key trend in retail: The standard business owners' policy (BOP) isn't what it used to be: It's a lot better for insureds.

For years, a BOP was a highly generic form for low-hazard Property and General Liability risks.

But it has become a lot more robust in scope, driven by carrier competition for small-business premiums and by a better understanding of certain risks that were once limited to special endorsements.

“What we have found over the years is the BOP has included more and more coverages,” says Dryfoos, a third-generation insurance agent.

Coverage for plate glass, for example, is now included. Other risks, such as Cyber and Business Interruption, once considered too complex for inclusion, are now wrapped up in the BOP—at least with modest limit levels.

Crime and theft, employee dishonesty, and equipment breakdown can be found in the BOP as well. Look around and buyers can find a BOP product with some Inland Marine coverage for products in transit.

And the ability to customize an account with the use of endorsements—which are many times used now to increase limits of coverage currently available in the BOP (buying extra Business Interruption coverage to extend to dependent properties, for instance)—has improved “quite a bit,” says Dryfoos.

“There are so many ways to tailor the BOP product,” agrees Sandy Mullins, underwriting consultant for State Farm.

“This is no longer a one-size-fits-all venture,” adds Benedikt Sander, senior vice president of commercial insurance at Liberty Mutual. “There are good products, more tailoring, with a lot of flexibility—and good deals.”

In terms of Business Interruption protection in BOP, Mullins says the industry has recognized its importance to the retail business segment and has “come up with some amazing coverage to allow them to get back in business quickly.”

Insurers have additionally recognized the seasonality of many retail businesses. A bike shop is busiest in the spring. An ice cream parlor does most of its business in the summer.

To respond, the BOP has evolved to automatically increase limits (the percentage varies per carrier and can be increased via endorsement) based on a business' peak season.

“It makes sense to adjust the policy for these historical patterns,” says O'Connor of Travelers. “It gives these businesses a better chance to withstand an event or accident.”

Another example of a bigger, better BOP: Employment Practices Liability insurance.

“It used to not even exist [in the BOP],” says Dryfoos. “Now [carriers] put it right in automatically. Low levels, but it's something.”

Special Reports /

Small Retail Businesses Find Themselves in Hackers&rsquo; Crosshairs

Related Stories

Recommended For You

Small Retail Businesses Find Themselves in Hackers’ Crosshairs