Cyber Liability: Then and Now
The term “cyber-liability” is certainly one that is at the forefront of everyone’s minds as it continues to dominate the headlines. Both the new-age age criminal and the reliance on electronic data has forced companies to alter their risk management plans to include protection against data breaches. In the past, cyber liability policies were only requested and purchased by companies providing professional IT services and those who handled a wide variety of computer systems and software. As cyber security awareness has increased, coverage has become broader and coverage has become a necessity for businesses in every industry.
Prior to any laws that would hold companies accountable for private records being leaked, the only requirement for carrying privacy liability might be contractual stipulations. The first law that was enacted that raised awareness of this was the Health Insurance Portability and Accountability Act (HIPAA), which most of us have heard of. In 2003, a privacy rule went into effect for the private sector, protecting personal healthcare information under HIPPA regulations. The introduction of these privacy requirements introduced a new concept of responsibility for those who store personal records. Since the enactment of the HIPAA privacy rule, there have been 48 out of 50 states that have state laws or codes that require companies to notify a consumer if their personal identifiable information (PII) was breaches. With a new century, comes a new exposure.
Prior to modern day philosophies and availability of industry-tested cyber liability products, companies would purchase policies that would provide coverage for alleged wrongful acts arising from their professional [technology] services. The definition of wrongful act may or may not include breach of security or invasion of privacy, which are areas that are protected by acts, such as HIPPA. Post-HIPPA privacy laws have made it necessary for non-technology companies to reevaluate their current insurance program and consider adding cyber liability coverage. A modern cyber liability policy will include both Third Party liability coverages, along with First Party coverage. Third party liability coverage provides coverage for damages to consumers. This coverage provides protection against wrongful acts, loss of employee/customer information, failure to prevent the entrance or spread of a hacker/virus, and personal injury from your website content. As mentioned earlier, most states are requiring companies to notify consumers when their information goes missing or is hacked and every state has a different notification requirement. This is an unwelcomed expense and headache that many business owners would prefer not to shoulder. A well-equipped cyber liability policy will help offset these expenses by providing first party coverage to pay for consumer notification expense, computer/legal forensic expenses, business interruption, and regulatory defense and penalties incurred. (It is important to note that no two cyber liability policies are alike and terminology can often be confusing as there is not a standard policy form that has been accepted by the courts.)
The cyber liability marketplace has come a very long way since its introduction in the early 2000s, but it hasn’t been tested nearly as much as the other insurance products. As breaches become a greater risk to all businesses, insurance companies can expect to see more claims and the need for capacity to support these claims. It is vital to make sure that you work with an advisor who is very knowledgeable about the cyber liability arena and knows the marketplace well. While many insurance carriers have found solutions to protect your business if and when a breach occurs, it is still difficult to stay ahead of the technology market. As networks and enterprises move to the “cloud,” hackers will follow. It is very important to consult with an IT professional to discuss proactive ways to prevent breaches/hacks and to formulate a continuity plan should you fall victim to one. With a strong IT infrastructure, solid continuity plan, and a strong cyber liability program, you should be able to weather the storm if you face a network security breach.
About the Author
Alan Sisk is a Sr. Risk Advisor with Geny Insurance Group. Alan partners with commercial clients to proactively identify ways to create and increase the value of their businesses through insurance and risk management techniques. He brings a creative approach to his clients and the field of insurance by challenging old conventions and applying new philosophies. Alan is very knowledgeable of the cyber exposures that businesses face today and well-informed of the latest trends in the marketplace. Should you have any questions, please contact Alan at 615.515.3218 or alan@genyinsurance.com.
About Geny Insurance Group
Celebrating its 30th year anniversary, Geny Insurance Group (Nashville, TN) has been a full-service independent insurance agency devoted to serving the needs of individuals and businesses. As one of the most respected independent insurance agencies in Middle Tennessee, they strive to provide a customized risk management solution that protects their client’s most critical assets and supports their future goals. Geny Insurance Group is the Nashville office and headquarter location for SouthPoint Risk Advisors, which operates out of 6 offices throughout TN & KY and offers Personal & Commercial Insurance, Risk Management, and Employee Benefits.