Not long ago, cyber liability insurance was unheard of, but today, it has become critical to any company dealing with personal data that could be used to commit identity theft.
Jonathan Theders, president of Clark Theders Insurance Agency Inc., says that the word ‘cyber’ doesn’t necessarily have to mean computer-related, as the insurance has evolved to include data privacy and network security risk.
“Cyber risk or breach of data can be loosely thought of as anything that can create a vulnerability to the theft of information that jeopardizes a company’s mission, fulfills its clients’ needs or maintains some measure of trust,” Theders says.
Smart Business spoke with Theders about how companies can use cyber liability insurance to protect their customers’ data and protect themselves from lawsuits.
How has cyber liability coverage evolved?
Here’s an example: Let’s say my laptop was stolen out of my car, and it has all sorts of personal information on it. Chances are, the thief just wanted the laptop and not the personal data inside, but what was on that computer? It could be Social Security numbers or credit card information. If that data is stolen, you have a duty owed to protect that data.
The coverage has evolved from solely computer-related data to data in all forms. It could be paper versions; it could be electronic. It started out as a requirement of HIPAA, in which people were required to keep personal information confidential with a heightened level of security.
Five years ago, some people were very electronically driven, but the majority of business wasn’t. Everything was filed on paper. If I wanted to steal information, I’d have to walk out of an office with stacks of paper and files.
Now I could walk in with a thumb drive that you would never know I had and I could extract thousands of records without your knowledge. It’s made data theft a whole lot easier if that data’s not protected the proper way.
What types of threats to data are there?
When you think of cyber threats, you think of a brainiac sitting in a bedroom hacking into computer systems. That concern will always be there, but there can also be the frustrated rogue employee, the one who is thinking about leaving, who wants to gather this information to use it at their next job or who just really wants to hurt the company before leaving. Or the person may want to sell that information because it has value to somebody else.
It doesn’t always have to be this third-party hacker off in the distance; it could be one of your own employees who has legal, granted access to that data. The insurance coverage should pick up not just third-party but first-party and employee actions, as well.