Cyber Liability Insurance. Most businesses these days make use of electronic data in some form or another. Electronic data keeps a record of their customers and employees, and often electronic data puts them in touch with their customers. Everything that has to do with data takes place either on a computer or on the internet: And this means that data is susceptible to being accessed or stolen.
Cybercrime is incredibly common, and if it happens to you or your business then you could be held liable for thousands worth in damages or losses. You could even be held liable for the information compromise or loss of the information belonging to a third-party if the information breach happened on your systems.
Here's more information about cyber liability insurance and what it could mean for your business.
Cyber liability insurance protects your business from data breaches with rates as low as $27/mo. Get a fast quote and protect your customers privacy now."
Cyber liability insurance helps your business deal with the costs of data breach and recovery by helping to pay for:
First-party coverage covers you and your business in the event of damages, losses or claims arising from personal data. Cyber Liability insurance covers you on a variety of fronts, and sometimes also covers the recovery costs of the personal data in question.
We mentioned third-party coverage earlier on in this article: This refers to damages that may be claimed by a third-party in the case of a cyber liability loss or claim. Some of the instances that are covered:
Apache Corporation (Apache) is an oil producing company that principally operates in Houston, Texas, but also operates internationally. Apache was insured by Great American Insurance Company (GAIC) and that policy included a "Computer Fraud" provision as part of their crime coverage. In March 2013, an Apache employee in Scotland received a telephone call from a person who identified him/herself as a representative of Petrofac, a vendor for Apache.
The caller advised Apache to change the bank account information for future payments to Petrofac. The Apache employee informed the caller that a formal request from Petrofac on Petrofac letterhead would be necessary to affect any change.
One week later, the accounts payable department of Apache's received an email from a "petrofacltd.com" address. However, Petrofac's proper email domain is "petrofac.com"; criminals had created a fake domain to send the fraudulent email. The email read "Petrofac's accounts details have now been changed"; and "[t]he new account takes ... immediate effect and all future payments must now be made into this account".
The email included an attachment of a signed notice of the change to the banking information on Petrofac letterhead that included both the old and the new bank account information. The email further informed that the attachment had also been posted (mailed) to Apache.
The responding Apache employee telephoned to confirm the request using the telephone number on the letterhead. Next, a different employee approved and implemented the change. Within days, Apache was transferring funds to the new account based on Petrofac's invoices. However, Petrofac soon informed Apache that it had not received the $7 million. After an investigation determined the criminals were based in Latvia, Apache recovered a substantial portion of the funds. However, Apache had lost $2.4 million. Apache submitted a claim to GAIC under the computer fraud provision which read:
"We will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:
In its denial letter, GAIC advised Apache's "loss did not result directly from the use of a computer nor did the use of a computer cause the transfer of funds".
Both entities filed for summary judgment and the court ruled in favor of Apache noting that the email was a "substantial factor" in the loss. GAIC appealed the decision and argued that Apache had requested the email as confirmation of the bank account change following a telephone call. The loss occurred when Apache sent payments to the wrong bank account based on a legitimate invoice. It was a loss but it was not a computer fraud loss.
Judgment was made in favor of GAIC.
(Apache Corp. v. Great Am. Ins. Co., 662 F. App'x 252 (5th Cir. 2016))
Interactive Communications International, Inc. and HI Technology Corp. (together, "InComm") operate a business that allows customers to put money onto reloadable bank-issued debit cards. The money is added by the customer first buying a chit from a retailer and then calling InComm's 1-800 number which connects to an interactive voice response (IVR) computer system. The consumer enters the debit card number and the PIN located on the chit at which time the IVR credits the value of the chit to the card. The funds become immediately available to the cardholder.
Between November 2013 and May 2014, fraudsters identified a vulnerability within InComm's IVR system that permitted multiple redemptions of a single chit. The vulnerability occurred when two or more calls were made to the IVR system simultaneously for the redemption of the same chit. One call would transfer the funds from the chit to the debit card account, while the other would return the chit to an "unredeemed" state which permitted a future redemption. Over seven months, InComm's system processed 25,553 fraudulent redemptions associated with 1,988 individual chits.
After the loss was discovered, InComm made a claim for $10.7 million against its computer fraud policy underwritten by Great American Insurance Company (GAIC). The policy provides coverage for:
"loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises: (a) to a person (other than a messenger) outside those premises; or (b) to a place outside those premises."
GAIC filed for summary judgment as to coverage contending that the policy does not cover InComm's loss because the scam was not executed through the direct use of a computer. It argued that the loss occurred as a result of the misuse of the IVR system. The district court granted the summary judgment and InComm appealed.
The appellate court affirmed the ruling of the district court. It held that the loss was not the result of a computer and that even if it had been due in some way to a computer, the loss remained excluded because the loss was not due to any direct use of a computer.
(Interactive Commc'ns Int'l, Inc. v. Great Am. Ins. Co., No. 17-11712, 2018 WL 2149769 (11th Cir. May 10, 2018))
After receiving an unauthorized solicitation regarding cosmetic surgery services via cell phone text messages, David Bochenek (as a lead plaintiff) filed a class action lawsuit against McAdoo Cosmetic Surgery. The suit alleged that the unauthorized solicitation was a privacy wrongful act, in violation of the Telephone Consumer Protection Act (TCPA) and the Consumer Fraud Act (CFA).
McAdoo filed a claim for coverage with his insurer, Doctors Direct Insurance (Direct). The insurer, which provided McAdoo with a Cosmetic Surgeon's Professional Liability Policy, endorsed with cyber claims coverage, filed for a summary judgment. It argued that the unsolicited texts were not acts eligible for coverage. After a lower court ruled in favor of Direct, Bochenek appealed.
On appeal, Bochenek argued that the texts did qualify as covered, privacy wrongful acts in violation of the two referenced national acts. The allegation was based on the unsolicited texts constituting the control and use of personally identifiable financial, credit or medical information, the same language used in the cyber endorsement's definition of "privacy wrongful act". The information used to distribute the texts were a list of names and phone numbers collected from a spa.
The higher court examined Bochenek's arguments. In its review, the court found that the TCPA and the CFA prohibited certain types of unauthorized contacts and did not involve the mechanics of how call lists were created. It also found that Direct's cyber endorsement language regarding privacy wrongful acts was not, as alleged by Bochenek, ambiguous. Since the texts did not involve abuse of personally identifiable credit, financial or medical information, the court agreed that Direct did not owe a legal defense or coverage for the allegations made by the lawsuit.
The lower court ruling in favor of the insurer was affirmed.
(Doctors Direct Insurance, Inc. Plaintiff-Appellee v. David Bochenek, Defendant-Appellant and Beaute 'E'mergente, LLC doing business as McAdoo cosmetic Surgery, Defendant. Appellate Court of Illinois, First district, first Division. Case No.1-14-2919. August 3, 2015. Affirmed. Westlaw, 38 N.E. 3d.116)
Perhaps you have the next great idea for a product or service that you know will appeal to your local area. Maybe you want to contribute to the economic growth of your community. Whatever the reason is, if you're thinking about starting a small business, it's important to understand pertinent information relating to small businesses in the United States; namely economic information and insurance regulations. After all, if you want your small business to succeed, you have to understand the economic trends organizations of a similar size in your area.
Likewise, you want to ensure that your small business is well protected with the right business insurance and that you are in compliance with the rules and regulations that pertain to commercial insurance in your region.
Read up on economic statistics and insurance information that relates to small business owners in the United States.
Here's a look at some information that was compiled by the Small Business Association (SBA) regarding the economic data that pertains to small businesses in the United States:
In the business world, there are many risks faced by company's every day. The best way that business owners can protect themselves from these perils is by carrying the right insurance coverage.
The The National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization. Through the NAIC, state insurance regulators establish standards and best practices, conduct peer review, and coordinate their regulatory oversight.
Commercial insurance is particularly important for small business owners, as they stand to lose a lot more. Should a situation arise - a lawsuit, property damage, theft, etc. - small business owners could end up facing serious financial turmoil.
According to the SBA, having the right insurance plan in place can help you avoid major pitfalls. Your business insurance should offer coverage for all of your assets. It should also include liability and casual coverage. The SBA recommends the following insurance plans for small business owners:
Protect your company and employees with the right commercial insurance policies. Read informative articles on small business insurance coverages - and how they can help shield your company from legal liabilities.
Your small business faces many potential disasters including: fire, floods, theft, equipment breakdown, lawsuits from clients or customers and current & former employees. Any many other risks you haven't even thought about.
A small business commercial insurance program should provide protection for both larger and smaller disasters. The obvious things like fire, flood and theft most business owners think about... but what if a hacker infects your computers with a virus - and files containing private customer information like credit card and Social Security numbers are stolen?
Who is going to pay to fix your customers credit rating etc...? Will your insurance pay for the cost? You need to know that.
Your commercial insurance program should cover events that can close down your company, or cause it to lose revenue. Anything less than that is not enough coverage. Commmercial insurance doesn't cover everything, and all policies have exclusions and limits.
You need a written plan that allows you to get your operations back up and running as quick as possible.