I came across an eye opening article from Chartis Insurance Company about real claims scenarios of payments made by their Executive Liability policy form. Most of the payements are over $1,000,000 and involve data breach caused by hackers and rogue employees.
Read Article: Security & Privacy Claims Marketing Sheet
Source: Chartis Insurance Company, Security & Privacy Claims Scenarios, September 2010
Outside hackers, whether domestic or part of criminal gangs in Eastern Europe and Asia, get most of the media attention.
However, inside jobs by a company’s own employees account for 70% of all security incidents that result in losses according to some sources. This is know as authorized access for unauthorized use.
Employees, independent contractors, or employees of independent contractors who are disgruntled with management may steal confidential information such as credit card numbers, bank account information, or proprietary information such as trade secrets.
Most Cyber Liabilty policies only cover unauthorized access by outsiders. Make sure that your policy also covers authorized access for unauthorized reasons.
Source: Do You Need Coverage For Cyber Risks?, The John Liner Letter, Vol. 43, No. 7, June 2006
Over the past two and a half years, there have been over 225 million reported consumer data breaches. This year alone, there have been more than 30 million reported security breaches of consumer data. No one knows the actual numbers since it is suspected that most security breaches are unreported.
Most tech firms and regular businesses with exposure don’t have insurance to cover this exensive peril. Liability for the following categories of expenses are common in these breaches of security:
*Class action lawsuits
*Regulatory fines, fees, penalties
*Statutory notification expenses
Tech companies that collect confidential information or assist clients that do the same must make sure that their Professional Liability / Errors & Omissions policy is specially endorsed to respond to breach of security lawsuits. Non tech companies with exposure must make sure that their Cyber Liability policy does the same.
Source: S.H. Smith & Company, Inc. E Bulletin, 10-19-08
