Return to the home page

Protecting Against Data-Related Risks

Originally published: 01.01.12 by Matthew Stangle

Insurance coverage for electronic liability is not automatic.

When you meet with your insurance agent this year, be sure to ask about electronic-data liability insurance. If you don’t have it, ask if you need it. (My guess is, you do!) And if you do have it, is your coverage appropriate for your needs?

What is electronic liability?

According to the International Risk Management Institute, electronic-data liability is “the exposure faced by individuals and organizations that may cause loss of, damage to, or inability to access or use electronically stored data.”

This exposure is excluded in standard general liability policies, but may be insured separately under a policy that covers “electronic-data incidents” resulting in damage to, loss of, loss of use of, corruption of, inability to access, or inability to properly manipulate, electronic data.

The migration of commerce from paper-based processes to computer-based processes has created the need for electronic liability insurance. Not only do the electronic records of your business pose a risk in and of themselves if they are used inappropriately, but your ability to conduct business (i.e., keep cash flowing) could be interrupted if the records were made inaccessible or damaged — maliciously or through an accident. This, too, would constitute a loss.

Why should you worry? Be aware that while you’re doing e-mail blasts to customers, billing them electronically, and communicating with them on your smart phone, computer hackers, identity thieves, and other malcontents (i.e., disgruntled or dishonest employees) could be watching. Your customers’ names, addresses, e-mail accounts, and credit card information are readily accessible not only to you, but also to anyone who knows how to get them.

If this information is stolen, it can cost you thousands of dollars. In fact, according to a study by the Ponemon Institute LLC, it costs $214 to recover a single record. If you have even 500 records in your data base, that’s $107,000 — an amount that can bankrupt a small company.

Even if you hire out for your data management, you are still responsible for any security breach. Because you collected the information initially, you must take care of following through to protect your customers’ privacy. Not doing so could be costly. Not only are there fines and/or penalties associated with the data-privacy laws, costs associated with customer notification, a security-breach investigation, and credit card monitoring can be steep. You also may incur costs for advertising or public rela- tions designed to minimize the harm to your company’s reputation.

Take basic precautions

First, take precautions on the inside. Carefully screen the employees who will have access to this data. Make sure they use passwords on their computers and practice good privacy habits. That means not walking away from the computer without closing an application. It means having a good password that is not shared with any one, and certainly not written on a sticky note above the computer. Encourage employees to change their passwords frequently and to use unusual combinations of upper and lower-case letters and numbers — not their initials or pet names.

Then, evaluate your insurance policy. If you don’t see evidence of electronic-data liability coverage, start asking questions. If not, an endorsement or “first party privacy coverage” can be added to the policy. Talk to your agent about evaluating the extent of this coverage based on your current and future electronic database use.

Don’t assume your agent has already taken care of it. When I met with one of my current clients to gain their business, I looked at what they had and what they needed. I noticed they needed data-protection insurance, but no one had discussed it with them. And they were an IT company!

Other common e-risks

If you’re doing business via e-commerce or even have a website, you have another source of potential cyber-claims. Make sure your insurance covers some of the more common risks that could harm your business, such as possible copyright infringement, website vandalism, electronic service attacks, and malicious or defamatory messages posted on your bulletin board or chat room. Again, even if a third-party vendor handles your site, you are responsible for claims against your company. Most business insurance policies do not cover these risks.

Your industry is changing. Protect yourself and your customers by making sure your insurance is changing too.   

Matthew Stangle is an insurance agent with WSMT Insurance, which was named 2011 Business of the Year by the town of Bel Air, MD. Matthew is a member of the Heating and Air Conditioning Contractors of Maryland (HACC) and writes the insurance for several HVACR companies. He also ran a $5 million service location with 42 employees prior to joining the insurance industry.

About Matthew Stangle

Matthew Stangle

Matthew is vice president, managing partner at InsuranceForce, based in Annapolis, MD. As the leader of the company's Risk Management Division, Stangle created the "Safety Saves" program for the HVAC market, and he has implemented other similar programs for clients in various industries. His work was recognized by the National Safety Council, and he was among 41 honorees selected from around the world to the 2014 Class of the NSC Rising Stars of Safety, presented by DuPont Sustainable Solutions. In addition, Stangle was named HACC Associate Member of the Year 2014 for his support of the HVAC industry. He is a member of the Board of Directors of HACC. For more information, visit

Articles by Matthew Stangle

Risk Management Shouldn’t Be Risky Business

Instead of focusing on finding the best insurance policy for when an accident occurs, why not focus on preventing it from happening in the first place?
View article.

When Safe Equals Savings

Businesses that have a strong safety culture in place have fewer losses. By communicating these preventive measures, your business can save on insurance premiums.
View article.

Protecting Against Data-Related Risks

This exposure is excluded in standard general liability policies, but may be insured separately under a policy that covers “electronic-data incidents” resulting in damage to, loss of, loss of use of, cor- ruption of, inability to access, or inability to properly manipulate, electronic data.
View article.

Do You Have Too Much Liability Coverage?

Typically, general liability includes three areas: bodily injury and property damage, personal and advertising injury, and medical expenses. Determine the amount of liability coverage you need by evaluating your potential risk, the state in which you operate (both its legal minimum and its history of awarding high damage amounts), and your personnel quality.
View article.