Presented by: Christopher F. Hawthorne, CPCU, CIC
Technology has delivered an exposure for those who hold, use or depend on information be it paper or electronic. Just as inventory once was the life line for a business, data and information now takes their place alongside the tangible assets of a business. This can be data in the form of client records, billing operations, employee files, websites and inventory management. When data or information is shutdown or stolen, it can represent a large loss. The loss can be both a first party loss (out of pocket) and a third-party loss (demanded by another) as well as trigger government action and penalties against the business.
First party losses are out of pocket expenses for a business such as rebuilding lost data, cost of forensic studies to determine what was lost, cost to restore systems and loss of income from business interruption.
In between first- and third-party losses are losses from extortion or ransom. A criminal may demand money to allow a computer system to released from any hold the criminal has on it or to stop a website from being overrun by an attack. While the cost is out of pocket it is caused by a third-party demand.
Third party losses arise when there is damage or loss of another’s data or private information, damage to their hardware or to their website. The cost associated with third party losses are notifying parties of their lost or released information, credit monitoring, defending from law suits, and paying settlements.
In addition, governmental actions (fines and penalties) may arise on both state and Federal levels. It is worth noting, that Massachusetts has the toughest data privacy laws in the nation.
Neither Property nor General Liability insurance pays for these types of losses.
There are several carriers now offering coverage for this exposure and many provide hotlines and proactive risk management assistance. In addition to obtaining this coverage, it is worth reviewing your technical / system support vendor to make sure the job description includes “security and compliance” as opposed to simply having the technology function.
In summary, the Information Management Liability (Cyber) exposure requires the attention of every business from perspective of insurance protection and risk management mitigation. To fail to do so is to put the survival of the business at stake.
Photo by Pixabay