As companies are faced with increased information security threats on a daily basis, businesses need their insurance coverage to respond to exposures that didn’t even exist just a few years ago. With heightened awareness of privacy issues, new legislative changes, and ever more sophisticated criminal cyber-attacks around the globe, companies not only need to be protected from traditional exposures, but also from those that continue to emerge. Most companies today need a single integrated policy which will respond to these exposures by offering broad coverage for data security and privacy exposures that are not covered under traditional Property & Casualty package policies.
You should have a policy which provides both third party liability coverage and first party computer security coverage and includes the following:
Information Security and Privacy Liability
- Coverage for theft, loss or unauthorized disclosure of personally identifiable non-public information or third party corporate information that is in the care, custody or control of the insured organization, or an independent contractor that is holding, processing or transferring such information on behalf of the insured.
- Coverage for failure to comply with breach notice laws.
- Coverage for failure to comply with the insured’s privacy policies as well as failure to administer an identity theft prevention program required by governmental organization.
- Coverage for unauthorized access, theft or destruction of data, denial of service attacks and virus transmission involving the insured’s computer system resulting from computer security breaches.
Privacy Notification Costs
- Coverage for the costs to provide notification, including fees charged by legal counsel to determine the applicability of, and actions necessary to comply with, breach notice laws.
- Coverage for voluntary notification
- Includes the cost of a credit file monitoring program.
- Coverage for the costs to hire a computer security expert to determine the existence and cause of a security breach.
Regulatory Defence & Penalties
- Coverage for the costs to defend a regulatory proceeding resulting from violations of privacy laws caused by the otherwise covered theft, loss, or unauthorized disclosure of personally identifiable non-public or third party corporate information.
Website Media Liability
- Covers display of electronic content on the insured’s website; and
- Extends to many internet-related exposures including advertising injuries that are not covered under many of today’s general liability policies including copyright infringement, piracy, libel and slander.
- Coverage for costs incurred as a result of a threat to breach the insured’s network through a denial of service attack, virus transmission, hacking, or other means.
First Party Coverage
- Loss due to corruption, alteration or deletion of the insured’s data caused by a network breach.
- Business Interruption caused by a network breach.
- Crisis Management expenses as a result of a network breach.
Who should buy this protection?
- Healthcare Organizations
- Retail Operations
- Financial Institutions
- Any organization that has care, custody or control of any confidential information or personal data (ie. credit card information), whether it be in electronic or paper format, as well as any company with a computer system or website…which is pretty much everyone!
The costs of this coverage when it first became available were quite steep, but today, there are a number of companies who offer Cyber coverage. With uptake and competition, the cost has come way down. It would be prudent to at least investigate this coverage and get pricing to see if you see value to the cost benefit of Cyber Liability protection!
DEREK FAULCONER, CAIB, CNA, BA, RIB (Ont.) is the President of CRE Insurance Services. CRE Insurance Services is an ASSOCIUM GAIN partner provider.