Volume 44, May 2011 — RETURN TO IMP CYBERCAST CURRENT EDITION Click Here for Print Friendly Version  
   
 
 
Companies/Brokers/MGAs
Do you have a new product or enhancement?
Click here to submit your information
—OR—
call 1-800-428-4384 to speak to
Eric Hall Executive Vice President - Advertising, National Sales Director
 
INSURANCE MARKETPLACE SOLUTIONS
 
  CYBER LIABILITY

Who are you?

Can you prove it?

Many people are knocking on your client’s computer doorway. Most are only interested in positive and profitable interactions. However, others are opportunists in disguise looking for a chance to steal and destroy. They may extract information to sell to others for any number of reasons. They may linger briefly before launching similar attacks against others.

These unwelcome guests may even plant a virus or malware on your client’s computer. Most insurance companies exclude such damage from their standard coverage forms and policies. However, the good news is that the marketplace is responding to this cyber reality.

 
GROWTH POTENTIAL
 

The Identity Theft Resource Center (ITRC) is a nonprofit organization that provides information to the public with regard to identity theft. It also tracks data breaches and records exposed by compiling information from a variety of public sources. A breach is an event where an individual's name, plus Social Security number, drivers license number, medical records, or financial records could be at risk. The number of records exposed is the total number of individuals potentially at risk because of a particular breach. There have been 2,882 breaches since 2005, and over 498 million records have been exposed.

Business customers are particularly vulnerable. Although businesses represented only 35% of the breaches, those breaches exposed more than 52% of the records.

For more information about these statistics and also to provide valuable prevention information to your clients, contact:
www.idtheftcenter.org

 

Content on this page requires a newer version of Adobe Flash Player.

Get Adobe Flash player

 
STATING THE OBVIOUS
 
   

 

Clients that do not have computers do not have cyber liability exposures. All others have a potential for loss. The potential depends on how they use computers in their operations. When confidential information is stored on a server, the exposure to liability because of a data breach is significant. When content is provided to customers, there is potential for libel, defamation, plagiarism, and other personal injury publishing issues. When computers are the lifeblood of the business, being hacked is a constant threat. Computers may even be held hostage until the demands of an extortionist are met. Cyber liability coverage responds to all of these and other potential losses

 
   
THE HEART OF THE MATTER
 
   
 

Here is a possible loss scenario:

Carolyn's Pharmacy has a problem. Someone hacked into its computer. A virus is destroying records, but even worse, patient records were stolen even before the virus started its destruction. Carolyn received a note demanding the amount she must pay to remove the virus and restore the records.

Carolyn is also incurring significant extra expenses because she cannot access any of her records. Her expenses will really skyrocket if her customers' records are compromised.

When she calls her agent and asks for help, he informs her of the numerous provisions in her policy that exclude coverage for most electronic data issues.

 
   
THE MARKETPLACE RESPONDS
 
   

Cyber liability is evolving because electronic communication is evolving. In 2005 the Insurance Services Office (ISO) developed a standardized coverage form called the E-Commerce Program, and it has already been updated twice since it was introduced. Many carriers that write this coverage developed their own coverage forms so they could quickly modify the coverage as exposures change.

Our experts state that most carriers provide cyber liability coverage on a nonadmitted basis. This allows for the quick innovations and significant pricing flexibility required in such a rapidly changing marketplace.

Carriers that write this coverage include Philadelphia Insurance Companies, Travelers, Hiscox, Markel, CFC, Beazley, Chartis, Lloyd’s of London, Axis, OneBeacon, XL Insurance, Chubb, CNA, Great American, Crum & Forster, Hudson Specialty, Hartford, and Specialty Global.

Who needs this coverage? According to Matt Prevost, product manager: cyber and professional liability at Philadelphia Insurance Companies, “Any business that uses the Internet or operates an intranet needs some form of cyber or privacy coverage.”  David Derigiotis, director of professional lines at Burns & Wilcox, adds, “Any business that has customers and maintains files or a database that contains sensitive information has an exposure. Sensitive information can be as simple as an email address, home address, first and last names and, of course, Social Security numbers and credit card information.”

Steven Haase, CPCU, ARM, president of INSUREtrust.com LLC, says, “At a minimum, all companies have an exposure to theft of employee information, website content, rogue employee issues, phishing attacks, domain name disputes, etc.” Tim Francis, business insurance management and professional liability and cyber insurance lead at Travelers, states it quite simply: “Any business, as well as any nonprofit organization, that uses technology is exposed to cyber risks.”

The coverage forms and policies available to cover cyber risks are moving beyond security-only issues. Carriers are introducing package policies that include both first- and third-party coverages. Mr. Haase lists eight key elements of cyber liability coverage:

  • Security and privacy liability
  • Website content coverage/intellectual property and domain name coverage
  • Virus coverage
  • Civil regulatory actions
  • First-party coverage for breach notifications, forensics, and credit monitoring expenses
  • Cyber extortion
  • Loss of data
  • Loss of income due to loss of network resources

Jason Glasgow, CyberRisk product manager for Travelers Bond and Financial Products, provides a similar listing but breaks the grouping into first- and third-party coverages.

First-party coverage:

  • Crisis management event expenses
  • Security breach remediation and notification expenses
  • Computer program and electronic data restoration expenses
  • Computer fraud
  • Funds transfer fraud
  • E-commerce extortion
  • Business interruption and additional expenses

Third-party liability coverage:

  • Network and information security liability
  • Communications and media liability
  • Regulatory defense expenses

Click here for the complete article …

 
   
WHO WRITES CYBER LIABILITY?
 
   

MANAGING GENERAL AGENTS | WHOLESALE BROKERS | INSURANCE COMPANIES

 
 
 
 

This message was sent by The Rough Notes Company, Inc.,
11690 Technology Drive, Carmel, Indiana, 46032
1-800-428-4384