The technology that your company relies upon to conduct its business can also significantly increase your vulnerability to cyber security threats – resulting in significant out-of-pocket and reputational costs that can devastate your bottom line. Some businesses operate under the belief that their existing policies are enough to cover their data security exposures. Unfortunately, many insurance policies address only specific exposures with dedicated limits that don’t extend to the full breadth of data security breach exposures. The average cost of a data breach is $204 per lost record – more than half of the costs are attributable to lost customers and the associated PR expenses to build back an organization’s reputation. Do you have Cyber Liability Insurance?
CYBER LIABILITY INSURANCE
Cyber Liability insurance takes into account first and third party risks, including privacy issues, infringement of intellectual property, virus transmission or any other conflicts that may be passed from first to third parties via the internet. Today, anyone with a web site has legal liabilities of a publisher and should have cyber liability insurance. In fact, commercial companies that send information to the public via the internet, face the same legal exposures as publishers and with the increasing legislation in the areas of user privacy and domain name infringement, this is an upcoming challenge for business alike.
WHAT IS CYBER LIABILITY INSURANCE?
Cyber Liability Insurance is a vital piece of an effective insurance program for any company who maintains a website and conducts business via the internet. One of the most important exposures covered by Cyber Liability Insurance is privacy injury and identity theft alleged against you. In the unfortunate event that your computer system is hacked, breaching your network’s security and compromising data, your Cyber Liability policy will respond. Cyber Liability Insurance provides your company coverage to meet client notification requirements and will provide defense and settlement coverage for breach of privacy allegations brought against you. A Cyber Liability Insurance policy provides coverage for damage to your network due to viruses, denial of service, security breaches, and damage to others’ networks and information unknowingly caused by you.
WHO NEEDS CYBER LIABILITY INSURANCE
Whether your office uses computers to communicate with others, collect and store information, or uses websites to handle customer transactions, you have a Cyber Liability exposure. Cyber Liability Insurance is important for any company who maintains a website, does business via the internet, accepts payment via their website, or stores non-public client and/or employee information within a network.
• In July, Beth Israel Deaconess Medical Center in Boston, had their computer system hacked into, exposing more than 2,000 patients’ personal information. The computer, which was found to have contacted a virus that snagged patient files and sent them to an unknown recipient, contained medical records numbers, names, genders and birth dates of 2,021 patients.
• A regional retailer contracted with of a third party service provider. A burglar stole two laptops of the service provider containing the data of over 800,000 clients of the retailer. Under applicable notification laws, the retailer – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.
• Stanford Hospital and Clinics is facing a $20 million class action lawsuit filed after protected health information for approximately 20,000 patients was found on a public Web Site. The lawsuit is seeking a $1,000 award for each affected patient, alleges violation of state law that requires provides to safeguard patient information and prohibits disclosure without written consent.
• A woman purchased a used computer from a pharmacy, which contained the prescription records, name, addresses, social security numbers and medication lists of pharmacy customers. The cost of notifying affected parties per state law totaled nearly $110,000. To date, two law suits have been filed, one alleges damages in excess of $200,000 and the other in excess of $100,000.
• A part-time hospital employee gained unauthorized access to confidential electronic patient records and discussed an individual’s HIV status with co-workers. The individual sued the hospital for lack of adequate IT security measures in protecting digital patient records. The hospital was held liable for $250,000 with an additional $85,000 spent on defense.
• An employee of a medical office has a laptop with sensitive client data that went missing. There are multiple lawsuits pending by individuals whose data has been comprised. Total defense costs to date exceed $700,000.
WHAT YOU SHOULD KNOW ABOUT DATA BREACHES:
• The culprit is often someone close to your business
• The perpetrator could live halfway around the globe
• Size doesn’t matter
• Any company can be hit
• A breach can result from a simple mistake
• Cyber risk is steadily increasing