Outside hackers, whether domestic or part of criminal gangs in Eastern Europe and Asia, get most of the media attention.
However, inside jobs by a company’s own employees account for 70% of all security incidents that result in losses according to some sources. This is know as authorized access for unauthorized use.
Employees, independent contractors, or employees of independent contractors who are disgruntled with management may steal confidential information such as credit card numbers, bank account information, or proprietary information such as trade secrets.
Most Cyber Liabilty policies only cover unauthorized access by outsiders. Make sure that your policy also covers authorized access for unauthorized reasons.
Source: Do You Need Coverage For Cyber Risks?, The John Liner Letter, Vol. 43, No. 7, June 2006
When analyzing a Cyber Liability policy for adequacy, the following specific risks may or not be covered:
* Errors & Omissions resulting in pue economic damages (needed for accounts that perform Cyber releated professional services for a fee for others)
* Personal injury such as libel (usually excluded under General Liability for accounts with Cyber exposure)
* Advertising injury such as inaccurate statement about a competitor (usually excluded under General Liability for accounts with Cyber exposure)
* Copyright infringement
* Trade or service mark infringement
* Patent infringement (difficult to obtain on Cyber Liability policy, may need to buy stand alone policy to insure this risk)
* Computer viruses, trojan horses, malware
* Unauthorized access by outsiders to confidential data
* Authorized access by insiders for illegal purposes
* Breach of security
* Loss of use
* Business interruption
Businesses should discuss the exposure to each of the above risks with their risk manager or insurance agent and decide which ones are necessary to be included in the coverage form. Don’t assume that all of these risks are covered without a specfic coverage grant in the policy language. Since Cyber Liability coverage forms are not standardized like may other policy forms, coverages tend to vary greatly from one carrier to the next.
Source: With Computers Under Seige, Cyber Insurance Rides To The Rescue
