The Identity Theft Resource Center (ITRC) is a nonprofit organization that provides information to the public with regard to identity theft. It also tracks data breaches and records exposed by compiling information from a variety of public sources. A breach is an event where an individual's name, plus Social Security number, drivers license number, medical records, or financial records could be at risk. The number of records exposed is the total number of individuals potentially at risk because of a particular breach. There have been 2,882 breaches since 2005, and over 498 million records have been exposed.

Business customers are particularly vulnerable. Although businesses represented only 35% of the breaches, those breaches exposed more than 52% of the records.

For more information about these statistics and also to provide valuable prevention information to your clients, contact:
www.idtheftcenter.org

Clients that do not have computers do not have cyber liability exposures. All others have a potential for loss. The potential depends on how they use computers in their operations. When confidential information is stored on a server, the exposure to liability because of a data breach is significant. When content is provided to customers, there is potential for libel, defamation, plagiarism, and other personal injury publishing issues. When computers are the lifeblood of the business, being hacked is a constant threat. Computers may even be held hostage until the demands of an extortionist are met. Cyber liability coverage responds to all of these and other potential losses

Here is a possible loss scenario:

Carolyn's Pharmacy has a problem. Someone hacked into its computer. A virus is destroying records, but even worse, patient records were stolen even before the virus started its destruction. Carolyn received a note demanding the amount she must pay to remove the virus and restore the records.

Carolyn is also incurring significant extra expenses because she cannot access any of her records. Her expenses will really skyrocket if her customers' records are compromised.

When she calls her agent and asks for help, he informs her of the numerous provisions in her policy that exclude coverage for most electronic data issues.

Cyber liability is evolving because electronic communication is evolving. In 2005 the Insurance Services Office (ISO) developed a standardized coverage form called the E-Commerce Program, and it has already been updated twice since it was introduced. Many carriers that write this coverage developed their own coverage forms so they could quickly modify the coverage as exposures change.

Our experts state that most carriers provide cyber liability coverage on a nonadmitted basis. This allows for the quick innovations and significant pricing flexibility required in such a rapidly changing marketplace.

Carriers that write this coverage include Philadelphia Insurance Companies, Travelers, Hiscox, Markel, CFC, Beazley, Chartis, Lloyd’s of London, Axis, OneBeacon, XL Insurance, Chubb, CNA, Great American, Crum & Forster, Hudson Specialty, Hartford, and Specialty Global.

Who needs this coverage? According to Matt Prevost, product manager: cyber and professional liability at Philadelphia Insurance Companies, “Any business that uses the Internet or operates an intranet needs some form of cyber or privacy coverage.”  David Derigiotis, director of professional lines at Burns & Wilcox, adds, “Any business that has customers and maintains files or a database that contains sensitive information has an exposure. Sensitive information can be as simple as an email address, home address, first and last names and, of course, Social Security numbers and credit card information.”

Steven Haase, CPCU, ARM, president of INSUREtrust.com LLC, says, “At a minimum, all companies have an exposure to theft of employee information, website content, rogue employee issues, phishing attacks, domain name disputes, etc.” Tim Francis, business insurance management and professional liability and cyber insurance lead at Travelers, states it quite simply: “Any business, as well as any nonprofit organization, that uses technology is exposed to cyber risks.”

The coverage forms and policies available to cover cyber risks are moving beyond security-only issues. Carriers are introducing package policies that include both first- and third-party coverages. Mr. Haase lists eight key elements of cyber liability coverage:

• Security and privacy liability
• Website content coverage/intellectual property and domain name coverage
• Virus coverage
• Civil regulatory actions
• First-party coverage for breach notifications, forensics, and credit monitoring expenses
• Cyber extortion
• Loss of data
• Loss of income due to loss of network resources

Jason Glasgow, CyberRisk product manager for Travelers Bond and Financial Products, provides a similar listing but breaks the grouping into first- and third-party coverages.

First-party coverage:

• Crisis management event expenses
• Security breach remediation and notification expenses
• Computer program and electronic data restoration expenses
• Computer fraud
• Funds transfer fraud
• E-commerce extortion
• Business interruption and additional expenses

Third-party liability coverage:

• Network and information security liability
• Communications and media liability
• Regulatory defense expenses

Click here for the complete article …

MANAGING GENERAL AGENTS | WHOLESALE BROKERS | INSURANCE COMPANIES