UNDERSTANDING THE PROBLEM
Today’s companies rely fairly heavily on technology to deliver a product or service, and those who take advantage of modern technology are in a better competitive position relative to their peers. Unfortunately, in today’s world, any business owner, large or small, with a Web site now has the legal liabilities of a publisher. Ah yes, the technology wonder, the Internet, which gives us the power to surf the web, write emails, tweet, and even run a business from our “portable devices,” has spun a whole new web of liability exposures. Additionally, Data Breach exposures exist with Personal Identifiable Information (PII) thefts occurring with alarming frequency. Do you collect any personal data from your customers?
1) Inappropriate email use by employees leaves employers vulnerable to lawsuits with settlements in the tens of millions of dollars.
2) The Supreme Court has ruled that employers are responsible for email because these systems are an asset of the company.
3) Email falls into the EEOC’s definition of sexual harassment.
4) Costs for judgement for an employee discrimination and harassment cases have routinely hit $10,000,000 or more. Legal defense and lawsuit related fees are often greater than $1,000,000.
5) 50% of small businesses experience a security breach .
6) 4 out of 10 customers will consider leaving you if a breach occurs.
7) 2 out of 10 customers will leave you immediately if a breach occurs.
8) The cost to respond to a date breach is estimated to be $188 per customer.
9) An average computer is scanned by automated scripts 24 hours per day, 7 days a week looking for vulnerabilities.
Your General Liability insurance policy use to provided coverage for Liability lawsuits arising from these types of risks. That coverage was removed by the insurance industry recently. Did you know that?
Small businesses are the most vulnerable because their operations are generally not sophisticated enough to properly safeguard the organization. Large corporations have the manpower and finances to employ experts to make sure their computers are not hacked, and their employees are more likely to be mindful of what they write on emails, websites, and tweets. At least that was the prevailing thinking until Target, PFChangs, Google, and Neiman Marcus ran into data breach trouble. Businesses that use a third party or cloud vendor to store data are still responsible in the case of a data breach. Firewalls will provide very little protection in the face of employee error, rogue employee actions, or lost laptops, tablets, and smartphones. Even when small business owners recognize the risks, they are hesitant to incorporate the proper insurance into their risk management strategy. Many fear adding to their already high insurance bill.
ADOPT A STRATEGY – THE SOLUTION
The exposure faced by the insurance industry was far too great to continue to provide coverage for the most important information on the most breached aspect of running a business. This is not the first time the insurance industry has reacted in this manner. We have seen them exclude eartquakes, asbestos, pollution, and employment practices coverage, to name just a few. Ten years ago, data breach and cyber liability exposures didn’t even exist. And when they did, the target was larger companies. Today, even a single identity theft has significant value on the black market.
What to do? Well, once you have agreed that this is a risk to your business and well-being, you have three options: (1) Eliminate the risk, (2) Reduce the risk, or (3) Transfer the risk. Options # 1 and #2 would require you to stop using your computer. Option # 3 is where you should spend your time getting educated. Transferring the risk would be accomplished by the purchase of a Data Breach and Cyber Liability insurance policy that includes coverage for media liability. Virtually anything a company or its employees does gathering and distributing information to the public through websites or other communication (email, social media, desktop publishing) is covered against claims, including: defamation, libel, invasion or privacy, copyright and trademark infringement, unfair competition, piracy, and plagiarism.
Is Data Breach and Cyber Liability an issue for you? If you answer “Yes” to any of the following questions, you should consider starting a dialogue with your risk advisor as quickly as possible:
1) Do you keep customer personal identifiable information? Y or N
2) Do you keep employee personal identifiable information? Y or N
3) Do you use email? Y or N
4) Do you use a credit card swiping device? Y or N
5) Do you back up your company data to a “Cloud” provider? Y or N
6) Do you have a website? Y or N
7) Do you /your employees have access to your company’s Facebook page? Y or N
8) Do you /your employees tweet? Y or N
When it comes to protecting your business, HOPE is never a good strategy. Spending time with a professional insurance advisor can help you identify risks, especially new ones, like Data Breach and Cyber Liability. This will ensure that you will be prepared when faced with a potential claim.
Many businesses, and individuals, usually find out at claim time what coverage they have, or sadly, what insurance coverage they don’t have. Instead of simply purchasing an insurance policy, take the time to get educated and truly understand the dangers you face as a business owner. Your insurance advisor should be one of your most trusted business partners.
John Yasik is President and Senior Insurance Advisor at Poland & Sullivan Insurance located in downtown Newark, Delaware.He is a Certified Insurance Counselor with thirty one years’ experience of providing insurance advice and has been an advisor to the Small Business Development Center since 1989.
Poland & Sullivan is the only insurance firm in Delaware uniquely qualified to handle your Personal, Business, Life, Health, and Financial Services needs. Their insurance and investment services are handled by seasoned professionals,which make it easier for one firm to coordinate all of your personal and professional goals.