NEWSLETTERS: Lost in Space

By Anthony Tellers, Bowermaster and Associates Regional Vice President

Main frames. E-mail addresses. Wireless internet access. Links. Networking. In today’s business world, all companies send, store, and receive traditional information in very non-traditional ways. Much of this information is private and sensitive - driver’s license numbers, addresses, credit card numbers, bank accounts, PINs. Information that we used to keep in our wallet or locked away in a file cabinet is now typed daily onto a keyboard and sent over the Internet. How does it work? How safe is it? What is Bluetooth, anyway?

Insurance companies are pretty efficient at designing policies to protect against traditional exposures. As business over the Internet grew, these carriers also became very adept at designing exclusions to eliminate coverage for damage they did not understand. The most far reaching limitation is the one that removes coverage for damage to any “intangible” property. If you can’t touch it and it doesn’t have a physical existence, it is not covered. Therefore, data that is lost, destroyed, or stolen would not be covered. Information that is stolen or destroyed would not be covered. Sensitive or private customer records that are lost or stolen are not covered. Businesses need to be aware that litigation arising from such incidents are not covered by the standard property or liability insurance policy.

Insurance companies have become more comfortable in designing policies and endorsements that provide protection to a business owner when data is lost or stolen. These “cyber insurance” policies can be written not only for technology focused companies, but also for any business that conducts transactions over the Internet and has custody of sensitive customer information. These policies can provide coverage for:

  • Unauthorized access or use of a network;
  • Tampering with a network or the introduction of malicious code;
  • Infringement of copyright;
  • Plagiarism or misappropriation of ideas;
  • Liable and slander;
  • Loss of business income resulting from a covered shutdown of the computer system;
  • Crime coverage that protects against stolen trade secrets or customer information;
  • The costs to attain legal counsel to assist with the breach responses, including forensics, notice requirements, and expenses.

Although these cyber insurance policies are not designed to take the place of prudent, in house security measures, they are a big improvement over the standard policy. Consideration of these specialty policies and coverages should be a part of the annual business insurance review.