Tuesday, December 11, 2012

Data Breach Part IV - Coverages

Photograph by Ofer Wolberger, Popular Mechanics July 2010
Most of us know that the lock on the door of our house is sufficient to prevent someone from gaining easy access to our property. It's been said that locks keep honest people out. But we also know that if someone is really determined they can breach the majority of security measures we might have in place. If they're really skilled, they can do so rather quickly. The same is true with our computers and the date stored on them, especially those used in a business operation. 

As business and government operations rely more heavily on computers to perform tasks and store data, more criminals, hackers and terrorists are turning toward computer related crimes to either make money, cause damage or both.  In the past few years there's been a significant spike in cyber crime and there's no reason to believe the rate of incidents will diminish anytime soon. The FBI's Internet Crime Complaint Center (IC3) states they received over 314,000 complaints of online criminal activity in 2011 (2011 Internet Crime Report). That's the third year in a row incidents topped 300,000, and that's just what was reported to them.

Insurance carriers are trying to keep up with the changing landscape by crafting new coverage options and improving existing wordings and features. Here are a few of the current options that may be available to your client (terminology may vary slightly from carrier to carrier, and some coverages provided, especially first party, will usually be subject to a sub-limit):
  • Network and Information Security
    • claims arising from the unauthorized access to data and that's usually personally identifiable information
    • failure to provide notification of a breach (as required by law)
    • transmission of a computer virus or similar
    • liability associated with the failure to provide authorized users with access to the company's website
  • Communications and Media Liability
    • coverage for claims arising from copyright infringement, plagiarism, libel, slander in electronic content
  • Defense Expense
    • coverage for governmental claims as a result of network and information security liability, and/or communications and media liability
  • Security Breach Remediation and Notification Expense (first party)
    • costs incurred to determine whose identity information was accessed
    • cost of notification to customers/others of the security breach
    • identity fraud expense reimbursement for those individuals affected by the breach
    • credit monitoring services for those notified (usually for 12 months)
    • call center services to assist with inquiries
  • Computer Program and Electronic Data Restoration Expenses (first party)
    • expenses incurred to restore data lost from damage to computer systems due to computer virus and/or unauthorized access.
  • Computer Fraud (first party)
    • coverage for loss of money, securities or other property due to unauthorized access to computer systems
  • Funds Transfer Fraud (first party)
    • coverage for loss of money or securities due to fraudulent transfer instructions to a financial institution
  • E-Commerce Extortion (first party)
    • money paid due to threats made regarding an intent to destroy data, introduce a virus or attack a computer system, disclose customer info or other similar threats
  • Business Interruption and Additional Expenses (first party)
    • loss of income and extra expense incurred to restore operations, must be a result of a computer system disruption caused by a virus or other unauthorized computer attack
This is a fairly representative list, but each carrier tries to offer something a little different, so exact terms will depend on the unique qualities of the  business, and the carrier offering coverage(s).  Also, it's not necessary to buy all of the coverage options, usually the coverages can be purchased in sections or modules. Contact us today for a quote or help determining how to best address your client's needs.