Risk Management Shouldn’t Be Risky Business
Originally published: 01.01.12 by Matthew Stangle
When you meet with your insurance agent this year, be sure to ask about electronic-data liability insurance. If you don’t have it, ask if you need it. (My guess is, you do!) And if you do have it, is your coverage appropriate for your needs?
According to the International Risk Management Institute, electronic-data liability is “the exposure faced by individuals and organizations that may cause loss of, damage to, or inability to access or use electronically stored data.”
This exposure is excluded in standard general liability policies, but may be insured separately under a policy that covers “electronic-data incidents” resulting in damage to, loss of, loss of use of, corruption of, inability to access, or inability to properly manipulate, electronic data.
The migration of commerce from paper-based processes to computer-based processes has created the need for electronic liability insurance. Not only do the electronic records of your business pose a risk in and of themselves if they are used inappropriately, but your ability to conduct business (i.e., keep cash flowing) could be interrupted if the records were made inaccessible or damaged — maliciously or through
Why should you worry? Be aware that while you’re doing e-mail blasts to customers, billing them electronically, and communicating with them on your smart phone, computer hackers, identity thieves, and other malcontents (i.e., disgruntled or dishonest employees) could be watching. Your customers’ names, addresses, e-mail accounts, and credit card information are readily accessible not only to you, but also to anyone who knows how to get them.
If this information is stolen, it can cost you thousands of dollars. In fact, according to a study by the Ponemon Institute LLC, it costs $214 to recover a single record. If you have even 500 records in your database, that’s $107,000 — an amount that can bankrupt a small company.
Even if you hire out for your data management, you are still responsible for any security breach. Because you collected the information initially, you must follow through to protect your customers’ privacy. Not doing so could be costly. Not only are there fines and/or penalties associated with the data-privacy laws, but the costs associated with customer notification, a security-breach investigation, and credit card monitoring can be steep. You also may incur costs for advertising or public relations designed to minimize the harm to your company’s reputation.
First, take precautions on the inside. Carefully screen the employees who will have access to this data. Make sure they use passwords on their computers and practice good privacy habits. That means not walking away from the computer without closing an application. It means having a good password that is not shared with anyone, and certainly not written on a sticky note above the computer. Encourage employees to change their passwords frequently and to use unusual combinations of upper- and lower-case letters and numbers — not their initials or pet names.
Then, evaluate your insurance policy. If you don’t see evidence of electronic-data liability coverage, start asking questions. If the coverage isn’t there, an endorsement or “first party privacy coverage” can be added to the policy. Talk to your agent about evaluating the extent of this coverage based on your current and future electronic database use.
Don’t assume your agent has already taken care of it. When I met with one of my current clients to gain their business, I looked at what they had and what they needed. I noticed they needed data-protection insurance, but no one had discussed it with them. And they were an IT company!
If you’re doing business via e-commerce or even have a website, you have another source of potential cyber-claims. Make sure your insurance covers some of the more common risks that could harm your business, such as possible copyright infringement, website vandalism, electronic service attacks, and malicious or defamatory messages posted on your bulletin board or chat room. Again, even if a third-party vendor handles your site, you are responsible for claims against your company. Most business insurance policies do not cover these risks.
Your industry is changing. Protect yourself and your customers by making sure your insurance is changing too.
Matthew Stangle is an insurance agent with WSMT Insurance, which was named 2011 Business of the Year by the town of Bel Air, MD. Matthew is a member of the Heating and Air Conditioning Contractors of Maryland (HACC) and writes the insurance for several HVACR companies. He also ran a $5 million service location with 42 employees prior to joining the insurance industry.
Typically, general liability includes three areas: bodily injury and property damage, personal and advertising injury, and medical expenses. Determine the amount of liability coverage you need by evaluating your potential risk, the state in which you operate (both its legal minimum and its history of awarding high damage amounts), and your personnel quality.