What it means to your client.
With the ever-expanding arena of technology-driven marketing, data usage and product sales, every one of your clients has an exposure to losses that are not covered under “traditional” insurance policies. Along with the expansion of technology use, come the people who will seek to exploit those areas for the own use, misuse, scams and general mischief.
Businesses and their commensurate risk can be broken down into four main areas:
1. Companies that use the internet to market their company
2. E-Commerce companies that exist on the internet sell their services or products or to provide information and content for use by website visitors or subscribers
3. Information Technology providers, such as website developers, systems analysts, computer consultants, software developers and the like
4. e-Professionals that provide their professional services over the internet
All of the above categories contain similar risks and each individual category contains risks that are unique to that sector. Knowing the difference will help you understand what coverage to look for in the marketplace as part of the challenge of today’s broker is that there is no common “name” for these coverages and each insurance company calls their Cyber coverage form something different.
Let’s start with the areas of risk that all four categories have in common:
- Property Losses
- Loss or theft of data – their own and their customers
- Denial of Service Attack (a program used by an outsider to send massive quantities of data to your client’s server causing it to shut down)
- Programming errors
- Hackers (outside intruders into the computer system
- Consequential business income and extra expense if the company’s Internet Service Provider shuts down
- Website extortion (a threat to shut down the website unless money is paid to the extortionist Third Party Losses
- Breach of system security
- Loss of business data and information such as customer lists
- Theft of customer names, email addresses, social security numbers resulting in breach of security claims as well as notification costs and, in some states, large fines and penalties and customer credit monitoring. The average cost for crisis management, notification, and credit monitoring is in excess of $100 per affected person.
- Transmission of a virus
- Intellectual property claims
- Infringement of copyright
- Articles reprinted without permission
- Improper use of video, audio, music (without permissions)
- Unauthorized use of software to build and operate the website
- Infringement of trademarks, service marks, trade dress
- Unauthorized use of a collective or certification mark
- Unauthorized use of another company’s logo, style of font, colors and graphics • Links or frames from other businesses’ websites
- Infringement of patents
- Many of the processes used on the internet have been patented, such as one-click or double-click shopping
- Advertising for others
- No revenue, but your client runs the risk of being named as a party to litigation involving the other company’s products or services arising out of their advertising
- Revenue, then your client has the same risk as above, but added to that is that they are now acting as a publisher and marketing company
The second category of E-Commerce can add the following exposures:
- International sales of products or services, unless restricted access is built into the website. That means that ALL of their insurance policies must be reviewed and adjusted for proper coverage. Example, sales of a product overseas could result in a product liability claim filed overseas. Crime exposures
- Use of a fraudulent credit card for the purchase
- Computer fraud exposure, meaning that a hacker can intrude and establish hundreds of small, fraudulent orders within the system that are then shipped and go unpaid to the business. For the third and fourth categories, technology and other professionals (such as legal and medical), add:
- Professional liability coverage that includes coverage for first party crisis management, public relations, information security breach and errors and omissions coverage that is specific to the type of technical services provided
Now that you have your “shopping list” of exposures, where’s the coverage for these risks? The basic answer will be found in cyber policies that include property, business income and extra expense, crime, third-party liability coverages. These policies should also include crisis management coverages to assist in paying such things as customer notification expenses, credit monitoring costs, penalties, punitive damages (where insurable by law) and defense costs. Until you become very conversant with this marketplace, use the list of exposures when speaking with your underwriters to identify whether or not the policy contains the needed basics and find out about policy enhancements, such as defense in addition to the limit of liability.
Bottom line, your clients have major risk exposures that can be covered by policies that are becoming easier to obtain and less expensive to buy. Don’t let a competitor bring this information to your client or wait until a loss occurs that is not covered.