Frequently Asked Questions about Cyber Risk

“Does my General Liability policy cover me against cyber risk?”

A typical General Liability policy (or business package policy) is not intended to provide coverage for cyber risks. Most property forms protect the physical presence of computers, but not the data stored on them. The General Liability form excludes claims of copyright, trademark and trade secret infringement. Review your policies to make sure you understand the coverage limitations for cyber risk.

“We have an IT department and we have firewalls and therefore do not have a cyber risk.”

This is usually not true. Data Breach incidents are on the rise. Many data breaches occur because of an employee error or an “inside job” from rogue employees.  A large portion of security breaches happen because of your employee actions; from passwords tacked on computer screens and employees opening suspicious email and downloading malware to lost laptops and smart phones. Keep in mind that a data breach can also occur from paper records as well. Outdated customer information or employee files that have been thrown into the dumpster are just as vulnerable as if a hacker logged into your network.

“What is Data Breach Notification”?

Data Breach Notification laws have been passed in almost all states mandating notification to all affected customers/clients in the event of a breach. In California, for example, SB24 requires the inclusion of certain content in data breach notifications including a description of the incident, the type of  Personally Identifiable Information (PII) breached, the time of the breach, the toll-free numbers and the addresses of credit-reporting agencies. In addition, SB 24 requires the breached business to send an electronic copy of the notification to the CA Attorney General if a single breach affects more that 500 residents.

“We use a third party for credit card transactions.  Do we still need cyber liability coverage?”

If you are processing credit card payments on-line or are utilizing a third-party or cloud vendor, your customers’ personal information is still your responsibility in the event of a data breach.

Every organization with a website and/or who keeps electronic data has a cyber risk exposure and should purchase some form of cyber risk coverage protection. While there is no standard Cyber Risk policy form, many insurance carriers offer similar coverages. Review cyber coverages with your broker.  For a quote, simply call our office. Several Insurance Companies also include free consulting services i.e. Regulatory Consulting, Personalized Breach Consulting and Media Relations Consulting, etc.

*This is for informational purposes only. Consult your attorney regarding legal or compliance matters.