“Cyber” Liability is insurance coverage specifically designed to protect an organization from:
- Liability claims involving the unauthorized release of information for which the organization has a legal obligation to keep private or confidential
- Liability claims alleging invasion of privacy and/or copyright/trademark violations in a digital, online or social media environment
- Liability claims alleging failures of computer security that result in deletion/alteration of data, transmission of malicious code, denial of service, etc.
- Defense costs in state or federal regulatory proceedings that involve violations of privacy law
- The provision of expert resources and monetary reimbursement to the Insured for the out-of-pocket (1st Party) expenses associated with the appropriate handling of the types of incidents listed above
While the term “Cyber” implies coverage only for electronic hacking or online activities, this product is much broader, covering private data and communications in many different formats—paper, digital or otherwise.
This is not already covered under most business insurance plans. While liability coverage for data breach and privacy claims has been found in limited instances through General Liability, Commercial Crime and some D&O policies, these forms were not intended to respond to the threats posed in today’s 24/7 information environment. Where coverage has been afforded in the past, carriers (and the Insurance Services Office) are taking great measures to include exclusionary language in form updates that make clear their intentions of not covering these threats.
If e-commerce functions such as payment processing or data storage are outsourced, do I still need this coverage?
The responsibility to notify customers of a data breach or legal liabilities associated with protecting customer data, remain the responsibility of the Insured. Generally speaking, business relationships exist between Insureds and their customers, not their customers and the back-office vendors the Insured uses to assist them in their operations. Outsourcing business critical functions such as payment processing, data storage and website hosting can help insulate Insureds from risk, however, the contractual agreement wording between Insureds, their customers and the vendors with whom they do business will govern the extent to which liability is assigned in specific incidents.
Tom Walker is area executive vice president for RPS-Bollinger – Sports & Leisure. He has served on several club boards and committees, and is a recognized authority on club insurance issues. He can be reached at 800-446-5311 (ext. 8098) or [email protected].