Internet Liability Exposures, Identity Theft & Technology Insurance – Part 1

January 12, 2014

By Brent Allen
Allen Financial Insurance Group
www.eqgroup.com

It has been said that Insurance may be the second oldest profession in the world with its roots going back thousands of years.  In the first millennium BC the inhabitants of Rhodes allowed groups of merchants to pay to insure their goods being shipped together.  Ocean Marine insurance is still a huge part of the insurance marketplace today.

As civilization, its laws and business practices evolved so did the insurance products needed to protect society.  As you can imagine, the insurance industry did not experience a history of radical change as it tracked a rather predictable evolution until the industrial revolution which changed everything.

In the 20^th century the insurance industry has gone through unprecedented rapid and dramatic changes.  When Henry Ford made the first production line car in 1908 America discovered a need for automobile insurance and eventually workman’s compensation insurance.  Exposures that were not known to exist when products were originally manufactured are now major sources of litigation.  Billions of dollars have been paid out on products that were considered safe such as asbestos and tobacco.

In the 1980’s the world wide network or internet came into being.  Driven by unimaginable amounts of online information, commerce, entertain and social networking data our lives have been changed forever.  Every day both consumers and business are being told that new liability exposures are being discovered..

The internet has become a goldmine for litigation attorneys.  Entire practices are dedicated to suing ecommerce companies for violation of intellectual property, copyright and patent infringement, liable, slander, data breach and identity theft. Business has discovered that conducting ecommerce is fraught with unseen liability hazards that can come with a big price tag.  The need for Technology Insurance has been born.  In December 2013, Target experienced a sixteen day breach in its debit and credit card processing system exposing 70 million customer’s data.  It is unclear what actual damages will be suffered by Target customers but it is estimated the current costs will exceed one hundred million dollars in addition to their damaged reputation.  Consumer sales fell 4% after the disclosure even after Target offered a 10%, across the board, apology discount to all shoppers.  Target is now offering a year of credit tracking and protection services to any customer asking for it.

Headlines like these are big news but how can small business relate to them?  Turn the volume down a notch and this can be any consumer business in America .  News bulletins about data breaches have become commonplace but most never make national news.  “What you are seeing now is hackers gone wild” says Hemanshu Nigam, a former federal prosecutor and founder of the online security company SSP Blue.

Every state now has a data breach notification statute.  For example, California law requires a business to notify any California resident whose unencrypted personal information was acquired, or reasonably believed to have been acquired, by an unauthorized person.  The law also requires that a copy of a breach notice, sent to more than 500 California residents, must be provided to the California Attorney General. Below is a list of those sample breach notices.  The cost of a real or suspected data breach to any small business can be devastating.

Consumers and business can protect themselves from data breaches and identity theft by taking steps to protect their data and adding data security insurance to your homeowners or business policy.  Technology insurance policies and endorsements now exist to defray the costs of dealing with a data breach.  Insurance is obviously not a cure but only a mechanism to prevent catastrophic loss.

Today, every business must implement security procedures to prevent mistakes made by employees and systems in the first place.  According to the 2013 Cost of a Data Breach study, negligence and system glitches together accounted for 64 percent of data breaches last year. These can include employees mishandling information, violations of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.

Employee mistakes can be just as damaging as a breech caused by a cybercriminal.  Two thirds of data breaches can be easily avoided if simple rules and procedures are followed.  Symantec, a major internet security company, recommends these best practices to prevent a data breach and reduce costs if one occurs:

1. Educate employees and train them on how to handle confidential information.
2. Use data loss prevention technology to find sensitive data and protect it from leaving your organization.
3. Deploy encryption and strong authentication solutions.
4. Prepare an incident response plan including proper steps for customer notification.

About the Author
Brent Allen is CEO of Allen Financial Insurance Group.  Established in 1971, Allen Financial is a national provider of commercial specialty insurance programs.  Mr. Allen is considered to be one of the leading experts in technology insurance and risk management.  AFIG Insurance products are distributed through a national network of over 2,500 insurance professionals.

[contact-form][contact-field label=’Name’ type=’name’ required=’1’/][contact-field label=’Email’ type=’email’ required=’1’/][contact-field label=’Website’ type=’url’/][contact-field label=’Comment’ type=’textarea’ required=’1’/][/contact-form]