Data theft risk is growing, causing risk managers, legislators and plaintiff attorneys to take notice and action, with the price tag for defense of suits against entities in the "chain of breach" in the millions regardless of whether it is found liable.
Loss control and risk management are keys to limiting corporate data theft exposure. Firms must take stock of all exposures, both tangible and virtual. For the remaining e-risk, organizations need to evaluate insurance options.
Depending on a company's business and operations, some coverage might be in place under existing property and general liability policies. Alternatively, it may be possible to add a network risk endorsement to such policies. Changes in 2003 to ISO forms, as well as two precedent-setting cases, however, have rendered those options dangerous.
In Ward General Insurance Services v. Employers Fire Insurance, the California Court of Appeals in 2003 held that data is not considered tangible property in the context of a property policy–therefore, a loss of data would not constitute a direct physical loss. Similarly, the 4th Circuit Court in AOL v. St. Paul Mercury Insurance Co. that same year found that computer data is not tangible property under a general liability policy.
Network risk policies can address these exclusions and fill any gaps left behind.
The pricing of network risk insurance policies can be inconsistent because underwriters don't have a history of claims data upon which to base their rates. It is recommended, therefore, that buyers obtain quotations from several insurers, as differences in pricing and terms and conditions can be dramatic.
For example, some carriers offer policies with combined programs of errors and omissions and network risk with a shared limit of coverage, while others offer stand-alone network risk protection. Other carriers only write such policies if a major insurance relationship exists with the insured. Some also may offer modular options for specific risks and liabilities.
Unlike more established lines, there is not yet a set standard for a good network risk underwriting submission, although there are some emerging baseline requirements often sought by leading insurers–including network risk assessments.
Presenting your organization in the most favorable light requires a bit of effort. This means pulling together information from various disciplines within the company, including risk management, legal, privacy officer, systems/information technology, sales and marketing, product development, and human resources.
If prudent measures are in place in each of these areas, appropriate processes are implemented to coordinate such efforts, and steps are well documented in your underwriting submission, your company could be eligible for significant rate credits as well as higher limits and/or lower self-insured retentions.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.