Cyber Liability Insurance Policy Information
Cyber Liability Insurance. Most businesses these days make use of electronic data in some form or another. Electronic data keeps a record of their customers and employees, and often electronic data puts them in touch with their customers. Everything that has to do with data takes place either on a computer or on the internet: And this means that data is susceptible to being accessed or stolen.
Cybercrime is incredibly common, and if it happens to you or your business then you could be held liable for thousands worth in damages or losses. You could even be held liable for the information compromise or loss of the information belonging to a third-party if the information breach happened on your systems.
Here's more information about cyber liability insurance and what it could mean for your business.
Cyber liability insurance protects your business from data breaches with rates as low as $27/mo. Get a fast quote and protect your customers privacy now."
What Does Cyber Liability Insurance Cover?
Cyber liability insurance helps your business deal with the costs of data breach and recovery by helping to pay for:
- Security Breach Expense - Loss that is the direct result of a security breach. Although under the forensics part of security breach the insurance company does pay the costs to determine what needs to be done going forward to prevent security breaches this policy does not pay to actually put such needed changes into effect. Those costs are the responsibility of the named insured.
- Extortion Threats - Loss that is the direct result of an extortion threat.
- Replacement or Restoration of Electronic Data - Loss to stored computer programs or electronic data within a computer system.
- Business Income and Extra Expense - Loss that is the result of an interruption is covered when it is a direct result of a cyber incident or extortion threat.
- Public Relations Expense - Loss that is the result of negative publicity is covered when it is a direct result of a cyber incident or security breach.
- Security Breach Liability - Loss that is the result of a claim which is discovered during the policy period is covered if the insured is legally obligated to pay it and was due to a wrongful act that takes places before the end of the policy period.
First Party vs. Third Party Cyber Insurance Coverage
First Party Coverage
First-party coverage covers you and your business in the event of damages, losses or claims arising from personal data. Cyber Liability insurance covers you on a variety of fronts, and sometimes also covers the recovery costs of the personal data in question.
- Damage or Loss of Electronic Data: These days, most information is stored in electronic form. This means that the information can be damaged or lost in several ways – for example, someone can simply delete the wrong file on the system and lose all the client information for a year, or the breach can be via hacker – and personal client information could be spread illegally in this way.
- Loss of Income or Extra Expenses: A technological breach could affect your business in such a way that it cost your business operating costs while the breach is repaired, or business while the systems are down. A Cyber Liability policy makes provision for this damage, and you are able to claim for the damages or losses experienced. Extra expenses, briefly, are things like the costs of recovering the lost data. This is something that should be covered under your liability insurance policy, too.
- Cyber Extortion: Cyber extortion can happen in several forms, and it can cost your business thousands of dollars – or more. For example, if a hacker held personal information ransom for $250, 000, who would pay for the lost business, the lost time and the necessary investigations? If you have cyber liability insurance, then your insurance will cover losses due to cyber extortion, too.
- Damage to Your Reputation: Cybercrime can cause a lot of damage to your business and its reputation – this can be internal, or it can turn into a scandal that makes its way to the media and costs you serious business. Either way, damage to your reputation that arises from cybercrime should be covered under your cyber liability insurance policy – and, depending on your individual policy, instances of social media damages could also be covered.
Third Party Coverage
We mentioned third-party coverage earlier on in this article: This refers to damages that may be claimed by a third-party in the case of a cyber liability loss or claim. Some of the instances that are covered:
- Network Security Liability: In short, network security liability becomes an issue when the security of the network is compromised – and usually anyone else's security in the process. This will be covered by your cyber liability insurance policy.
- Network Privacy Liability: With network security, it's just as easy for someone's privacy to be compromised over a network, and in this case it will also be covered by your cyber liability insurance policy.
- Electronic Media Liability: Electronic media liability covers all forms of electronic media from cyber liability, and while not all policies will have this clause, you should check yours to make sure if it does – ask your insurance provider if you aren't sure about the details.
- Errors and Omissions Liability: Errors & Omissions cover will insure you if any mistakes, losses or data breaches take place due to the fact that there is an omission or error from one level of the company to another.
'Real Life' Court Cases Involving Cyber Liability Insurance:
Apache Corp. v. Great Am. Ins. Co.
Apache Corporation (Apache) is an oil producing company that principally operates in Houston, Texas, but also operates internationally. Apache was insured by Great American Insurance Company (GAIC) and that policy included a "Computer Fraud" provision as part of their crime coverage. In March 2013, an Apache employee in Scotland received a telephone call from a person who identified him/herself as a representative of Petrofac, a vendor for Apache.
The caller advised Apache to change the bank account information for future payments to Petrofac. The Apache employee informed the caller that a formal request from Petrofac on Petrofac letterhead would be necessary to affect any change.
One week later, the accounts payable department of Apache's received an email from a "petrofacltd.com" address. However, Petrofac's proper email domain is "petrofac.com"; criminals had created a fake domain to send the fraudulent email. The email read "Petrofac's accounts details have now been changed"; and "[t]he new account takes ... immediate effect and all future payments must now be made into this account".
The email included an attachment of a signed notice of the change to the banking information on Petrofac letterhead that included both the old and the new bank account information. The email further informed that the attachment had also been posted (mailed) to Apache.
The responding Apache employee telephoned to confirm the request using the telephone number on the letterhead. Next, a different employee approved and implemented the change. Within days, Apache was transferring funds to the new account based on Petrofac's invoices. However, Petrofac soon informed Apache that it had not received the $7 million. After an investigation determined the criminals were based in Latvia, Apache recovered a substantial portion of the funds. However, Apache had lost $2.4 million. Apache submitted a claim to GAIC under the computer fraud provision which read:
"We will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:
- a. to a person (other than a messenger) outside those premises; or
- b. to a place outside those premises."
In its denial letter, GAIC advised Apache's "loss did not result directly from the use of a computer nor did the use of a computer cause the transfer of funds".
Both entities filed for summary judgment and the court ruled in favor of Apache noting that the email was a "substantial factor" in the loss. GAIC appealed the decision and argued that Apache had requested the email as confirmation of the bank account change following a telephone call. The loss occurred when Apache sent payments to the wrong bank account based on a legitimate invoice. It was a loss but it was not a computer fraud loss.
Judgment was made in favor of GAIC.
(Apache Corp. v. Great Am. Ins. Co., 662 F. App'x 252 (5th Cir. 2016))
Interactive Commc'ns Int'l, Inc. v. Great Am. Ins. Co.
Interactive Communications International, Inc. and HI Technology Corp. (together, "InComm") operate a business that allows customers to put money onto reloadable bank-issued debit cards. The money is added by the customer first buying a chit from a retailer and then calling InComm's 1-800 number which connects to an interactive voice response (IVR) computer system. The consumer enters the debit card number and the PIN located on the chit at which time the IVR credits the value of the chit to the card. The funds become immediately available to the cardholder.
Between November 2013 and May 2014, fraudsters identified a vulnerability within InComm's IVR system that permitted multiple redemptions of a single chit. The vulnerability occurred when two or more calls were made to the IVR system simultaneously for the redemption of the same chit. One call would transfer the funds from the chit to the debit card account, while the other would return the chit to an "unredeemed" state which permitted a future redemption. Over seven months, InComm's system processed 25,553 fraudulent redemptions associated with 1,988 individual chits.
After the loss was discovered, InComm made a claim for $10.7 million against its computer fraud policy underwritten by Great American Insurance Company (GAIC). The policy provides coverage for:
"loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises: (a) to a person (other than a messenger) outside those premises; or (b) to a place outside those premises."
GAIC filed for summary judgment as to coverage contending that the policy does not cover InComm's loss because the scam was not executed through the direct use of a computer. It argued that the loss occurred as a result of the misuse of the IVR system. The district court granted the summary judgment and InComm appealed.
The appellate court affirmed the ruling of the district court. It held that the loss was not the result of a computer and that even if it had been due in some way to a computer, the loss remained excluded because the loss was not due to any direct use of a computer.
(Interactive Commc'ns Int'l, Inc. v. Great Am. Ins. Co., No. 17-11712, 2018 WL 2149769 (11th Cir. May 10, 2018))
Doctors Direct Insurance, Inc. Plaintiff-Appellee v. David Bochenek, Defendant-Appellant and Beaute 'E'mergente, LLC doing business as McAdoo cosmetic Surgery, Defendant
After receiving an unauthorized solicitation regarding cosmetic surgery services via cell phone text messages, David Bochenek (as a lead plaintiff) filed a class action lawsuit against McAdoo Cosmetic Surgery. The suit alleged that the unauthorized solicitation was a privacy wrongful act, in violation of the Telephone Consumer Protection Act (TCPA) and the Consumer Fraud Act (CFA).
McAdoo filed a claim for coverage with his insurer, Doctors Direct Insurance (Direct). The insurer, which provided McAdoo with a Cosmetic Surgeon's Professional Liability Policy, endorsed with cyber claims coverage, filed for a summary judgment. It argued that the unsolicited texts were not acts eligible for coverage. After a lower court ruled in favor of Direct, Bochenek appealed.
On appeal, Bochenek argued that the texts did qualify as covered, privacy wrongful acts in violation of the two referenced national acts. The allegation was based on the unsolicited texts constituting the control and use of personally identifiable financial, credit or medical information, the same language used in the cyber endorsement's definition of "privacy wrongful act". The information used to distribute the texts were a list of names and phone numbers collected from a spa.
The higher court examined Bochenek's arguments. In its review, the court found that the TCPA and the CFA prohibited certain types of unauthorized contacts and did not involve the mechanics of how call lists were created. It also found that Direct's cyber endorsement language regarding privacy wrongful acts was not, as alleged by Bochenek, ambiguous. Since the texts did not involve abuse of personally identifiable credit, financial or medical information, the court agreed that Direct did not owe a legal defense or coverage for the allegations made by the lawsuit.
The lower court ruling in favor of the insurer was affirmed.
(Doctors Direct Insurance, Inc. Plaintiff-Appellee v. David Bochenek, Defendant-Appellant and Beaute 'E'mergente, LLC doing business as McAdoo cosmetic Surgery, Defendant. Appellate Court of Illinois, First district, first Division. Case No.1-14-2919. August 3, 2015. Affirmed. Westlaw, 38 N.E. 3d.116)
Small Business Economic Data & Insurance Regulations
Perhaps you have the next great idea for a product or service that you know will appeal to your local area. Maybe you want to contribute to the economic growth of your community. Whatever the reason is, if you're thinking about starting a small business, it's important to understand pertinent information relating to small businesses in the United States; namely economic information and insurance regulations. After all, if you want your small business to succeed, you have to understand the economic trends organizations of a similar size in your area.
Likewise, you want to ensure that your small business is well protected with the right business insurance and that you are in compliance with the rules and regulations that pertain to commercial insurance in your region.
Read up on economic statistics and insurance information that relates to small business owners in the United States.
Small Business Economic Data In The United States
Here's a look at some information that was compiled by the Small Business Association (SBA) regarding the economic data that pertains to small businesses in the United States:
- In 2015, small businesses in the United States employed an estimated 58.9 million American workers, or 47.5 percent of the nation's private workforce.
- Largest shares = fewer than 100 employees. The small businesses that employed 100 people or less had the largest share of employment amount small businesses.
- Employment increased by nearly 2 percent. In 2018, employment amongst small businesses increased by 1.8 percent, which is an increase of 1 percent from the prior year.
- Increase in proprietors. In 2016, the number of small business proprietors increased by 2.3 percent.
- In 2015, small businesses were responsible for creating 1.9 million net jobs. Organizations that employed 20 people or less had the largest gains, as they added an estimated 1.1 million net jobs.
- There were 5.7 million loans that were value less than $100,000 issued by lenders in the United States in 2016. These loans were issued under the Community Reinvestment Act.
- Small business owners that were self-employed at the incorporated businesses that they owned reported a median income of $50,347 in 2016.
- Small business owners that were self-employed at the unincorporated businesses that they owned reported a median income of $23,060 in 2016.
Small Business Insurance Information
In the business world, there are many risks faced by company's every day. The best way that business owners can protect themselves from these perils is by carrying the right insurance coverage.
The The National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization. Through the NAIC, state insurance regulators establish standards and best practices, conduct peer review, and coordinate their regulatory oversight.
Commercial insurance is particularly important for small business owners, as they stand to lose a lot more. Should a situation arise - a lawsuit, property damage, theft, etc. - small business owners could end up facing serious financial turmoil.
According to the SBA, having the right insurance plan in place can help you avoid major pitfalls. Your business insurance should offer coverage for all of your assets. It should also include liability and casual coverage. The SBA recommends the following insurance plans for small business owners:
- Commercial Property Insurance: In the case of an unplanned disaster - fire, flood, vandalism, theft, etc. - this type of coverage will help you avoid paying for the damage out of your own pocket. Even if you rent the property, you should still carry commercial property insurance.
- Commercial Liability Insurance: In the event that a legal situation arises - a negligence lawsuit, for example - commercial liability coverage will provide financial protection. It will cover the cost of legal defense fees, court fees, and even moneys that may be awarded.
- Commercial Auto Insurance: If you operate a vehicle for any activities that are related to your business - transporting and/or delivering goods, or meeting with clients - commercial auto insurance is legally required for businesses of all sizes, including small businesses.
Additional Resources For Small Business Insurance
Protect your company and employees with the right commercial insurance policies. Read informative articles on small business insurance coverages - and how they can help shield your company from legal liabilities.
- Small Business
- Business General Liability
- Business Liability
- Business Owners Policy (BOP)
- Certificate of Insurance
- Commercial Auto
- Commercial Umbrella
- Comprehensive General Liability
- Directors and Officers Liability
- Cyber Liability
- Employers Liability
- Employment Practices Liability
- General Liability
- Home Based Business
- Independent Contractor
- Liability Insurance Certificate
- Liability Insurance
- Professional Liability
- Workers Compensation Insurance
Your small business faces many potential disasters including: fire, floods, theft, equipment breakdown, lawsuits from clients or customers and current & former employees. Any many other risks you haven't even thought about.
A small business commercial insurance program should provide protection for both larger and smaller disasters. The obvious things like fire, flood and theft most business owners think about... but what if a hacker infects your computers with a virus - and files containing private customer information like credit card and Social Security numbers are stolen?
Who is going to pay to fix your customers credit rating etc...? Will your insurance pay for the cost? You need to know that.
Your commercial insurance program should cover events that can close down your company, or cause it to lose revenue. Anything less than that is not enough coverage. Commmercial insurance doesn't cover everything, and all policies have exclusions and limits.
You need a written plan that allows you to get your operations back up and running as quick as possible.