Today, we focus on the Insurance Agency, and your own need to carry this important business coverage.
With the requirements to protect consumers AND employees against information theft, companies in every industry and every size are now at risk for both third party legal liability and first parts injury costs arising from security breaches. The regulations and notification requirements now enacted in 46 states make navigating the laws very difficult for commercial business. It is well documents that the top three industries at biggest risk for potential breaches are hospitality, healthcare, and financial services. Financial services includes retail insurance agencies.
The entire issue centers around Personal Confidential Information, known as PCI, which includes Personal Identifiable Information and Personal Health Information, known as PII and PHI respectively. Those businesses in possession of this information are at serious exposure to the potential for breach. These are targeted entities as the bad guys know they store a lot of information.
Insurance agencies themselves are BIG gatekeepers of this information, such as accountants and mortgage companies are. What are they doing to protect themselves in the event they are breached? Are you currently carrying coverage to insure for your legal liabilities? What about your first party costs that are not legal liabilities?
Here is the misconception. A lot of smart people believe that if they do not host the information, or they do not keep any PCI at all, that they then do not need the insurance. Not only is this not true, these entities are even more at risk of claim from a malicious code either attached to their network or transmitted from their network. They become legally liable in either scenario.
A big question that is also one not generally asked by a retail agency is do my vendors carry Cyber Insurance and at what limits? If you are having your data stored offsite, that vendor should have Cyber Insurance. Your cleaning firm needs to have it. Your landlord or management company needs to have it. Any vendor you deal with who has access into your building, your data, or any of your systems should be maintaining Cyber Insurance. What’s more is that the policy limits should be maintained at a sufficient enough limit that should their systems be breached and hackers get into yours and their other customers simultaneously that any one customer’s claim against them does not deplete insurance coverage to pay your costs.
Another problem facing today’s retailer is understanding the coverage component and definition differences between forms. First party notification costs are not going to be covered by a D&O policy, as the Insured in not legally liable to reimburse itself for its own costs. D&O policies respond to claims where the Insured is legally liable for the loss. There are numerous questions you need to check into before you make a Cyber Insurance purchase:
- What is the definition of a compromised record?
- Is coverage reimbursement or pay on behalf of?
- Does it extend to forensic expenses?
- Can Business Interruption coverage be purchased?
- Is their coverage for rogue employees?
So many agencies do not carry this coverage, and the ones that do appear to have it with carriers who specifically put limitations on the amount of coverage they will provide for the very areas of exposure that an agency would mostly likely see a claim to be paid under. For example, notifications costs may be limited to $100,000. Media Liability coverage may apply only to electronic media, or even only to media on the Insured’s own website. Credit monitoring expenses you may incur may not be included as coverage. Standard market carriers have not developed forms that are as comprehensive as those carriers who specialize in writing this line of business specifically. In addition, more and more carriers are coming out with new programs, cluttering the coverage marketplace even more.
The questions you need to ask yourself are extensive, so working with a broker who understands not just the line of business, but also the variances between the carriers’ forms, and the industry classes purchasing the coverage, becomes the primary importance to employing a confident and comprehensive Cyber Insurance program. At US Pro, we are America’s Cyber Insurance expert, and we spend hours and hours every week staying on top of and in touch with the everyday evolution of this emerging line of business.
Please let us take a look at a Cyber Liability program for your agency and all of your commercial customers today! Our simple Cyber Indication App is short and easy to complete, and minimum premium for third and first party coverage for a 1M limit begins at $1,000. To request an application, or to send us a submission, please contact firstname.lastname@example.org.