Cyber Liability Insurance – Protecting Personally Identifiable Information

Personally Identifiable Information, or PII, is every bit as valuable as England’s Crown Jewels, and like the Queen’s baubles, requires protection from theft.  What is PII?  As the name suggests, PII is information of a personal nature – credit card information, social security numbers, driver’s license numbers, banking information, employment information, insurance information, medical records, and business information such as trade secrets.

When you consider the millions upon millions of PII data bits out there, and couple that knowledge with the thousands of ways that data can be compromised, you begin to understand the scope of the issue.  A business that doesn’t take steps to insure itself against the fallout of a data breach risks more than just a few upset customers.  Failing to insure against a data breach can result in heavy fines levied against the company, lawsuits filed by those whose information was compromised, loss of productivity, and massive loss of customer confidence – all of which affect the bottom line.

Upwards of a quarter of PII loss is a result of stolen or lost equipment, hard drives, or documents, but fully a third of all data breaches come from hacking.  Make no mistake, hackers are constantly seeking weak spots in networks and firewalls, and in many cases are finding them.  Laws exist in each state that require certain responses depending on the scale of the data breach, beginning with notification to those persons whose PII has been compromised.  Specific protocols exist for the notification process, relative to the laws of each state, which can mean a substantial amount of money spent on notification alone.  Resulting litigation can also create varying degrees of difficulty for your business, not the least of which is a significant loss of money.

Don’t make the mistake of assuming that because your business is small, you’re safe from hackers and data loss.

Large corporations aren’t the only ones targeted by cyber criminals.  Small and midsized businesses are seen as an attractive target because their networks are sometimes not as well-protected as those of large corporations.  But whether you have ten employees or 500 employees, cyber security is an issue.

The internet is vast, and it isn’t iron-clad.  Regardless of the thoroughness of your cyber security protocols, hackers can still manage to gain entrance to sensitive information.  According to software company Symantec, nearly 75% of small and midsize businesses fell victim to a cyber-attack within the past 12 months, resulting in lost productivity, lost revenue, and direct financial costs.

How do you protect your business against this sort of catastrophic event?

Your first line of defense is to improve your internet security.  Better internet security can take the form of stronger passwords, encryption of sensitive data, installation of antivirus software, and ongoing training for your employees on the subjects of securely checking emails and surfing the web.  And you would be wise to consider another layer of protection:  cyber liability insurance.

Don’t assume that because you have general liability insurance on your business, your policy covers a breach in security or privacy.  Most insurance carriers do not include cyber security in their list of coverable liabilities.  Unless you have purchased a cyber insurance endorsement for your policy, most carriers will not provide coverage for the costs associated with the damages incurred by a data breach.

Cyber liability is a relatively new property in the realm of business insurance.  Unlike general liability insurance, which covers third party bodily injury or property damage, cyber liability insurance protects informational property.  By covering the first and third party risks associated with the internet and PII, cyber liability insurance protects your business from a heavy financial burden should your network be compromised.

Says Glen Stover, agent with Forest Sherer Insurance:  “Standard commercial general liability insurance does NOT cover Cyber Liability.  Cyber Liability claims can be devastating to any organization.  It is important to consult an insurance professional who understands the emerging cyber liability issues.  It is important to also note that all cyber liability insurance policies are NOT alike.  In addition to protection from third party lawsuits, it is important to have claims mitigation expense coverage and regulatory proceeding coverage as well.”

Consider this:  a medical practice digitizes its patient records and at some point thereafter a hacker (or organized crime group) gains access to those records.  Compromised are the names, birthdates, and social security numbers of all 2900 of the practice’s patients.  By law, the medical practice must notify each of the patients of this data breach, via registered mail, at an average cost of $10 per registered mail piece.  The $29,000 cost for this action alone is not covered by the medical practice’s general liability insurance coverage.  And this is just the beginning.  If just a handful of these patient records result in stolen identity, resulting lawsuits could push the tab up another $165,000 per claimant.  Investigation by a regulatory body will most certainly result in stiff fines and penalties, upwards of $150,000.  And none of this is covered by general liability insurance.

Because of the relative newness of cyber liability insurance, many insurance agents don’t have a deep understanding of the issues involved.  Seeking out an agent with some experience in this subject will help to assure your business receives the protection it needs against this type of crime.
