What can companies do to reduce their exposure to these possible expenses and costs?
A company should do an audit of its network security systems and internal controls and include an audit of its vendors and its controls. However, even with the right controls in place you can still be exposed. You should also consider purchasing cyber liability coverage, due to gaps in traditional insurance of property coverage, general liability coverage and professional liability coverage.
What kind of coverage is available under a cyber liability policy?
The typical cyber liability policy provides coverage for claims from parties outside of your company that result from network damage, security breaches and privacy violations.
Examples of the types of losses covered under network damage include authorized users not having access to the system, service interruption of the network, unauthorized access and destruction of third-party information.
Examples of the types of losses under security breaches include failure of network to identify and authenticate party user, failure to properly secure data, failure to protect against virus and failure to defend against denial of service attacks. The privacy coverage is in place to protect against claims made for failing to comply with regulatory requirements regarding the privacy of individual and confidential information resulting in third-party claims and the expenses incurred to comply with the breach notification requirements.
What are the top sources of losses for cyber liability exposures?
The largest source of loss is from breaches in network security, with stolen equipment being the second-largest source. The most common types of equipment stolen are laptops or portable equipment that has the ability to retrieve sensitive and/or confidential information. The breach may be small, but even a small breach can be very costly in terms of the requirements of notification and monitoring services that must be offered.
What are the costs associated with a loss that could be covered under a cyber liability policy?
In a service interruption loss, the costs to remediate a company’s Web site and its contents, and the extra expense incurred to fix the company’s network and the loss of income could be covered. Costs associated with a data breach that could be covered include liability arising from privacy invasion suits, the costs to comply with privacy regulations regarding notification and to provide credit monitoring services to affected individuals, and the costs associated with the restoration of a company’s reputation. The costs associated with an Internet media loss could be copyright or trademark, libel or slander, and privacy invasion on a company’s Web site.
Again, while many businesses feel they do not have an exposure or have a small exposure to a cyber liability and/or privacy claim, with the way business is conducted today, every business is susceptible to a claim.
Phil Coyne is a vice president with ECBM Insurance Brokers and Consultants. Reach him at (610) 668-7100 or [email protected].