Of course you've heard about the recent "hacker" attacks on large corporations such as Anthem Blue Cross, Home Depot and Target. If you are a small to medium size business owner, maybe you're thinking that you couldn't possibly have that much of an exposure? According to Travelers Ins. Co. (one of the largest commercial insurers in the United States) "Cyber risk" is definitely on the rise and two-thirds of the claims that they have for this type of liability are for small companies and non-profit organizations. Here are some frequently asked questions regarding this exposure:
· What is "Cyber Liability?" Any personal data that you keep on clients, donors, vendors or employees over the past five years or so can be at risk. Every name, address, date of birth, social security number, credit card information, health data and other identifying data is considered "a record." Every data breach costs roughly $214 per record to resolve. The average loss is about 20,000 "records." At $214 per record- well, you do the math! It's important to understand that your Commercial General Liability (CGL) policy does not cover web-based activities.
· What costs could my company be held responsible for? Some of the major considerations are:
o Notification of clients, donors, etc. Forty-seven states have enacted privacy legislation. Each state is different and specific in their requirements on notifying people whose records have been compromised. (Type size and font that must be used in the notification letter can be different for each state.)
o Damage to company reputation. You may need to hire a Public Relations firm to remediate and rebuild confidence in your clients to do business with you.
o Class-action lawsuits. Need I say more?
o Credit-monitoring services. You may be required to offer these services for a year for affected individuals.
o Regulatory fines. The government may impose fines for data breaches on certain types of businesses.
o "Blog" on website. Be careful not to libel or slander others.
· Are "hackers" the main concern? "Hacking" crimes are roughly 40% of the cause of data breaches, Significant loss of data is caused by lost or stolen mobile devices, staff errors and disgruntled employees.
· My data is backed-up on "the cloud." Do I still have an exposure? Bottom line- your company owns the data. If your cloud provider is breached involving your companies' data, your company is responsible for that data.
· What coverages should I be sure to have? Not all contracts covering Cyber risk are the same. Here are some important coverages to be sure are included:
o Non-electronic data. If an employee disposes of records incorrectly or paper files get misplaced while traveling, etc., this is extremely important coverage.
o Transmission of a virus. If you send out e-mail or e- newsletters for example that contract a virus, you could be held responsible to damage to other computers.
o Loss of income. (Business Interruption) The loss of your computer system could shut down your business for a protracted period of time.
o Worldwide coverage territory. You don't have to be a large business to have a global exposure.
It's best to discuss your situation with a professional Independent Insurance Agent. Collection of personal data is an exposure that every business needs to be aware of. Every company is dependent upon computers, e-mail and the Internet. Cyber Liability Insurance is a new cost of doing business.
Tidak ada komentar:
Posting Komentar