“Insuring the Loss of Your Customers’ Data”

Abstract: Many businesses have extremely valuable information in electronic form. How can it be insured from loss, in particular, theft? What if your own employees steal it? What if it’s stolen by computer hackers or burglars? Is it a crime exposure, a liability exposure, or something else? Well, based on our investigation, it’s “something else” all right.

The stories of breached data security have become almost too familiar: An employee takes home a laptop against regulations. A hard drive is sent out for repair, but disappears. A disc with sensitive data is stolen from an office. For business owners and managers, the threat is real, and there is a need to protect against such violations of data security.

Big businesses are not the only targets of data theft. Doctor’s offices, retail shops, contractors, salespeople, and most other professions store personal information electronically. Sometimes, businesses that lose personal information are victims of sophisticated hacking schemes concocted by the most crafty computer cons. More often, data theft comes from the inside—a dishonest employee seeking wealth or a disgruntled employee seeking revenge. Regardless of culprit, victims, including employees, customers and others shoulder the risk of someone else’s access to their information.

Information stolen from your business can result in significant costs, including the following:

• Expenses you incur to inform those who may be victims of the theft.
• Expenses you incur to replace the data and income lost during the recovery process.
• Victims will incur expenses to recover lost information and expect you to pay for it.
• Victims will likely no longer do business with you, resulting in lost income.
• Victims who suffer financial losses resulting from identity theft may sue you for their damages.
• Personnel may lose confidence in you and seek employment elsewhere.

Traditional insurance products—such as general liability, property, business income and crime insurance—are designed to cover losses to tangible property. Since information is intangible, the insurance your business currently buys will not go far in covering this exposure.

Some insurance companies have created products to address data theft that occurs electronically, such as when someone uses a computer to steal electronic data. These policies may cover costs you incur to restore the data, including lost income. Others may cover liability, helping you cover costs incurred by others who are victimized by the theft of your data. Such policies are often called “Cyber Risk” or “Cyber Insurance” policies.

Data theft and the unpredictable methods by which it can happen are why there is no substitute for an effective data security plan. Please call us today for information on how a cyber insurance policy could fit your business.

Copyright 2008 by the Independent Insurance Agents & Brokers of America, Inc. All rights reserved.

For guidelines on reprinting this article, go to http://www.iiaba.net/VU/Lib/ArticleReprints.htm.

NOTE: Policy coverages and circumstances can change at any time, so the information above may not be accurate at the time of reprinting or subsequently to that time. IIABA does not assume and has no responsibility for liability or damage which may result from the use of any of this information. The most current, up to date version of this article can be found at IIABA’s Virtual University at http://www.iiaba.net/VU.