The spammers and cyberthieves haven’t given up and gone home. Instead they are moving with the times and stirring up trouble in other ways, targeting smartphones and social networkds, which offer vast amounts of personal information.

The popularity of “apps” is opening the door to a wide range of suspicious and malicious applications. Locative services such as Foursquare and Fowalla are also a potential problem. These services allow you to easily search, track, and plot the wherabouts of friends and strangers. But cybercriminals can use this information to craft targeted attacks, according to McAfee.

The main way to combat breaches, [Beeson] said, is by encrypting the information. But the McAfee report noted that because of our historically fragile cellular infrastructure and slow strides toward encryption, user and corporate data may face serious risks.

Source: Patricia Vowinkel, February 17, 2011

“Cyber liability coverage has evolved from just liability insurance for information technology companies to coverage that nearly every class of business should have if they don’t already.”  Many businesses including banks, restaurants, retailers, and medical offices are unaware of the great security technology exposure they face. 

In addition, the internet is not the source of all data breach problems.  Lower tech breaches commonly arise that are caused by leaving password notes out in plain view, theft of laptops, and improper disposal of medical records.

“Recent state laws require companies that have experienced a security breach to notify all customers that could be affected by the breach that their information has been compromised, even if the information hasn’t been used.  In most cases, the notification also includes an option of one year credit monitoring services and a new card or account number for customers.”

More than 40 states have data breach notification laws and insurers expect a federal cyber notification law at some time in the near future.  The average per customer cost for a security breach is $15 and this does not include loss of reputation. 

Source: http://www.mynewmarkets.com/articles/107853/security-breach-notification-laws-reinforce-need-for-cyber-insurance

* Errors & Omissions resulting in pue economic damages (needed for accounts that perform Cyber releated professional services for a fee for others)

* Personal injury such as libel (usually excluded under General Liability for accounts with Cyber exposure)

* Advertising injury such as inaccurate statement about a competitor (usually excluded under General Liability for accounts with Cyber exposure)

* Copyright infringement

* Trade or service mark infringement

* Patent infringement (difficult to obtain on Cyber Liability policy, may need to buy stand alone policy to insure this risk)

* Computer viruses, trojan horses, malware

* Unauthorized access by outsiders to confidential data

* Authorized access by insiders for illegal purposes

* Breach of security

* Loss of use

* Business interruption

Businesses should discuss the exposure to each of the above risks with their risk manager or insurance agent and decide which ones are necessary to be included in the coverage form. Don’t assume that all of these risks are covered without a specfic coverage grant in the policy language. Since Cyber Liability coverage forms are not standardized like may other policy forms, coverages tend to vary greatly from one carrier to the next.

Source: With Computers Under Seige, Cyber Insurance Rides To The Rescue

Most tech firms and regular businesses with exposure don’t have insurance to cover this exensive peril. Liability for the following categories of expenses are common in these breaches of security:

*Class action lawsuits

*Regulatory fines, fees, penalties

*Statutory notification expenses

Tech companies that collect confidential information or assist clients that do the same must make sure that their Professional Liability / Errors & Omissions policy is specially endorsed to respond to breach of security lawsuits. Non tech companies with exposure must make sure that their Cyber Liability policy does the same.

Source: S.H. Smith & Company, Inc. E Bulletin, 10-19-08