Necessity of Cyber Liability Coverage
Bulletin – Monday, December 31, 2018

In today’s world, most businesses have an online presence and store some customer data. Cyber-attacks not only present more threat than ever before, but they are also escalating in frequency and intensity. 

Many small businesses feel that they are “too small” to be hacked. On the contrary, small businesses are now becoming prime targets because there is little or inadequate security.  We also hear that the business doesn’t “store” any data, they simply swipe a credit card. Some of the merchant agreements with credit card vendors attempt to push the liability back to the retailer, so read the fine print.

With the introduction of data breach notification laws, even small businesses can bear significant costs due to fines, notification expense and more. In addition, customers lose confidence in the business or brand and that trust is almost never fully regained, even when the company recovers. Cyber liability insurance helps to mitigate the losses associated with cyber-attacks by providing safeguards against risks related to online and information technology activities. This coverage can be tailored to protect your clients against data breaches, network failures, extortion, and media liability. 

As an agent, you should offer a cyber-liability option to your customers since most of them…

  • Transact credit cards
  • Have an online presence
  • Provide an e-portal for clients and/or vendors
  • Sell goods and/or services online
  • Capture or store customer/vendor data
  • Employees that use company laptops or phones
  • Use email

According to the Verizon Data Breach Investigation Report, 61% of breaches hit smaller businesses in 2017, up from the previous year's 53%. Most news outlets only bother to report those data breaches associated with big companies, thereby perpetuating the notion that only big companies are hacked. The complaint of cyber liability insurance policies being too expensive for small businesses no longer holds true, as custom-made solutions are now available.

In the event of a cyber-attack, cyber-liability insurance may cover:

  • Expenses associated with curtailing the incident; notification costs, legal fees, regulatory fines, investigation costs, etc.
  • Fees associated with paying the ransom demanded by the hackers
  • Contractual liabilities owed to payment card industry firms 
  • Third party damages

In addition to businesses, local governments and larger jurisdictions face cybersecurity challenges.  Even if your client is a small to medium business or even a small municipality, cyber-attacks are now a reality and the responsibility is to protect themselves.  

Get an easy cyber indication today by contacting a Tuscano Casualty Underwriter

Here are just a few examples of cyber claim scenarios:

  • Smith & Smith (a law firm): A Russian hacker managed to gain access to their computer system and got a hold of confidential documents and demanded a ransom of $250,000  else the documents would be made public in addition to shutting down the firm’s computer systems.
  • Luxury Autos was a victim of a DDoS (Distributed Denial of Service) attack which overloaded it’s servers until it shut down. It took the company’s IT team a week to get its services back online.
  • A restaurant’s point of sale machines had been illegally skimmed with a small, hidden electronic device for several months, affecting nearly 1,000 cards. Over those several months, some cardholders became identity theft victims and paid for their own credit monitoring; others had debit cards skimmed and were not able to recover stolen funds from their bank accounts because too much time had passed without their noticing the fraudulent activity. The victims united and sued the store for costs incurred, including paying for credit monitoring and recovering lost funds and expenses incurred in clearing their identity. 
  • A civilian employee in the local police department opened an attachment to an email, inadvertently launching a ransomware attack. Over 160,000 city files were encrypted and triggered extortion, demanding $33 million in bitcoin to unlock them.