Hackers have plans for you, you can plan for them
When a hacker steals personal information about customers or employees, will you be covered?
By John Roberts, CIC — Advisor, Commercial Insurance
At 4:05:06 p.m., the single largest theft in the history of Billings occurred. You didn’t read about it in the paper. You didn’t hear about it on the news. But millions of dollars exchanged hands in a split second.
At exactly the same time, the director of information technology at a local Billings retailer noticed that the information system running the retail operations had shuttered for a few moments. The system was up and running within seconds and operations appeared to be moving along as normal.
In these few seconds, just a moment, all of the account information (including bank account numbers, credit card numbers, personal data, names, dates of birth, social security numbers, tax identification numbers, etc.) of 10,000 customers had been downloaded to an offshore account. The identities and financial data of the customers and employees were compromised. A business that took a lifetime to build was destroyed in an instant.
The above scenario did not happen, but what if it did happen to your business? How would you respond? Where would you go for help?
Business owners need to know that the standard business insurance policy does not respond to this type of loss. A typical general liability policy states that the insurer is obligated to “pay those sums that the insured becomes legally obligated to pay as damages because of bodily injury or property damage to which this insurance applies.” Customer and/or employee information are not included in the definition of either bodily injury or property damage.
Recently, the insurance marketplace started to respond to this significant exposure and a limited number of insurance carriers have stepped up to write coverage designed for such potential harm. There are only a handful of companies willing to take on the risks associated with corporate identity theft (CIT). And I am most pleased to say that my company is one of them.
These policies are typically broken down into three component coverages. They are:
1) Privacy Liability/Personal Identity Liability – any event involving an organization that has or could reasonably result in a fraudulent use of personal identification, that is or was in the care, custody or control of an insured.
2) Administrative Action – action brought by a federal, state or local regulatory agency for:
a. An investigation of the insured,
b. Negotiation of a consent order against the insured,
c. Formal adversarial administrative proceeding against the insured.
3) Identity Event Services – coverage for the following incurred business expenses:
a. Notification Costs – reasonable and necessary costs incurred by an organization for correspondence to any individual or business whose personal identity has been compromised (including costs for printed newspaper or media notification),
b. Crisis Expense – coverage for charges and fees for the hiring of a public relations firm, crisis management form or law firm retained for the purpose of restoring confidence in the organization’s customers,
c. Post Event Services – expenses incurred by an organization to provide services of identity theft education and assistance with credit monitoring for customers.
It is obvious that the world in which we do commerce is changing rapidly. As e-commerce continues to grow and be a regular part of our daily lives, the liability exposure to the main street business operation continues to change and grow as well. Business owners need to be aware of this significant exposure and the exclusions of coverage under the standard business insurance policy. Your business insurance package needs to continually be updated to reflect the changing exposures in the marketplace.
You have taken a lifetime to build your business — don’t let it be destroyed in an instant over a computer moment!
John Roberts is an Advisor in Commercial Insurance for Payne Financial Group. He can be reached directly at jroberts@pfgworld.com
