Cyber Liability Exposures

January 21, 2015

Misconceptions about Cyber Liability Exposures

Cyber breaches are mostly a result of foreign offshore sophisticated hackers who are only targeting large retail and healthcare systems.

It is true that hackers are responsible for the largest number of losses in claims against cyber liability exposures and that the most advanced hackers are in Russia and Eastern Europe.  However, these numbers are evolving and fast approaching in the cause of losses due to cyber exposure according to a  NetDiligence® 2014 claim reports study they note that 97% of data exposed comes from email addresses and passwords.  This information adds to the percentage of causes of loss to the following categories:

* Lost, stolen or missing electronic assets

* Rouge employees

* Staff mistakes

And while Healthcare systems, Financial Institutions and Retail are among the most venerable industries to be exposed to cyber attacks, we have seen from recent events and from the growing trends towards social media and carrying everything on our smart phone that none of us are out of reach.

I think my general liability policy covers at least some amount of cyber exposures.

Years ago, some cyber coverage could be found under the general liability and property policies.  Those days are gone.  Most insurance companies have added specific exclusions to eliminate any chance of coverage for cyber claims.  The exclusions wipe away any doubt about coverage. Most policies exclude exposures. Some Professional Liability policies offer breach notification expense in the event of a breach. Often electronic data restoration, data extortion payment, regulatory fines and penalties and first party interruption and loss of data are not covered.  Some policies that do provide a limited amount of these coverages are frequently written on indemnification/reimbursement and they do not provide defense or pay on behalf coverage.

Using cloud storage service reduces risk and liability.

Not so – cloud storage actually opens a whole new can of worms – the increase use of offsite and outsourced IT/cloud computing generally lowers monthly costs of IT and increases sophistication of system security – but unfortunately, it also adds additional exposures.

We’re too small to be a target for cyber extortion.

In the growing Internet-dominated business arena, companies are storing more sensitive information than ever on their computers. A surprisingly low number of small businesses have invested in cyber liability insurance to combat the potentially devastating effects of a cyber-attack. Many small business owners are oblivious to the high risk of data breaches at their establishment, in the belief that hackers are likely to attack only high-profile, high-revenue firms.  The “newsworthiness” of data breaches at larger corporations often overshadows the more frequent security violations that target small businesses.

The cost of a cyber breach is limited to notification expenses and credit monitoring.

Once intruder’s gain access to company databases, they become privy to a vast array of information, including customers’ Social Security numbers, credit card numbers, addresses and other identifying data. They also gain access to sensitive business data, which they can use to open and access accounts, drain money and destroy the affected individuals’ credit.  Recovering from this type of data breach invasion can cost companies thousands of dollars in fines and lost reputation.

Below are areas of consideration regarding the high costs of data breach recovery:

  • There could be a loss due to business interruption that would not necessarily be a covered peril (such as a fire) under your standard Business Interruption coverage.  Businesses may suffer from decreased sales due to negative publicity and diminished customer confidence.  It could take days or weeks out of commission, which represents lost profits and opportunities for the firm.
  • There could be additional costs from security overhauls.  Implementing a new security system, or updating a current one, costs a great deal in software, infrastructure and personnel.  In addition, would be the cost in training staff on new policies and procedures.
  • As a sign of goodwill, many businesses affected by data breaches offer customer concessions such as; free credit monitoring services, discounts, service promotions or other perks to help regain customer trust and loyalty.  These customer concessions however, cost the businesses money to do so.
  • Some businesses may have to shut down within a few months of a data breach.  The monies from stolen resources to the expense of responding to a cyber-attack, these incidents have the potential to deplete the savings of the most promising small business.

Though cyber-attacks can have devastating effects and other grim consequences for your company, there is help to regain what your business may have lost through the valuable resource of cyber liability insurance.

Sources: UltraRiskAdvisors, InfoSecurity Magazine, NetDiligence and LogRythum

The Armstrong Company Insurance Consultants  (License #0440075)