Is your business covered against cyber risks?
Is your company covered if it fails to protect your customers’ data online and there’s a data breach? What happens if you unintentionally misuse a customer’s logo or other intellectual property on your Web site? What if your computer system starts spreading more viruses than Typhoid Mary?
Many people assume that their company’s general liability coverage extends to such technology-related risks. However, unless the company has obtained specialized coverage related to these cyber risks, that assumption may be wrong.
“They’re all separate policies that cover this type of exposure,” said Cameron Burt, an account executive with Holmes Murphy & Associates. “As insurance companies began entering the industry, they quickly realized that the general liability policy was not designed to cover something like a technology-caused loss. They cover traditional perils, but not things such as covering against a loss from a technology company failing to finish a project.”
The St. Paul Travelers Companies Inc., The Hartford Financial Services Group Inc.,The Chubb Corp. and American International Group Inc. are among the relatively limited group of insurers that have formed divisions to specifically meet technology insurance needs, Burt said.
“Their policies are written to include technology-related language; their staff is experienced in the industry, so they understand what the resulting damage from a loss from lost data could be, and how a claims adjuster would respond to that,” he said.
Breaches of secured Web sites resulting in compromised customer data are “the biggest pain”companies are facing, Burt said, with new instances being reported by companies almost on a daily basis.
Mike Lang, president of Alliance Technologies Inc., said his company’s professional liability coverage cost, about $60,000 per year, is his business’s third largest expense after payroll and employee benefits. The coverage includes general liability,plus coverage for the company’s liability in hosting Web sites and against risks such as hackers.
Lang said Alliance routinely shops for the best coverage through its broker, Holmes Murphy, and switched to the Hartford about two years ago.
“I think it’s overpriced, because we’ve never had a claim,” Lang said.”But the insurance companies don’t look at it that way.”
Regardless of whether a company’s primary business is providing technology services or it simply offers its services through a Web site, it should determine its level of risk and the amount of coverage needed, Burt said.
“A good place to determine your exposure is to look at what your contract (with clients) says,” he said. “A lot of businesses may not realize that when they work with a customer and sign a contract, they are contractually agreeing to provide some relief or coverage in the event that something happens.
“But aside from a contract, if I hire someone in technology to do something for me, and their work results in economic damage to me, I have some sort of indemnification where that company is going to make me whole. Any business should look into obtaining professional liability coverage, but it also should look at the opportunity cost if it doesn’t have it.”
Most IT companies can expect to pay a minimum of $1,200 to $1,500 per year for $1 million of coverage,which is a typical entry coverage level. “I’ve seen it all the way up to $25 million, and it can go higher if the company desires.”
Insurers that specialize in cyber insurance have instituted a number of programs to assist companies in assessing and mitigating their technology risks, Burt said. “For instance, (an insurer may suggest), let’s take an infrared scanner into your server room and look for a wire that may be hot, because if it causes a fire, your server will be down,” he said.
Holmes Murphy also hosts risk management seminars that can be conducted from a company’s place of business and Webcast companywide, he said.