Cyber Liability: New Exposures Presented by: CONRAD INSURANCE © 2007, 2010-2011, 2013-2014 Zywave Inc. All rights reserved.
Cyber Liability: New Exposures
Presented by: CONRAD INSURANCE
© 2007, 2010-2011, 2013-2014 Zywave Inc. All rights reserved.
New Economy, New Exposures
• Business shift:• “Bricks and Mortar” to
“Clicks and Orders”• Online business is bigger
than ever
• Public Web presence for all to access
• Explosive growth in the 21st century
• One billion websites and growing!
New Exposures
• Net expansion outruns General Liability (GL) coverage• Existing policies do not account for Web-based
liabilities• Data theft is commonplace• Increasing intellectual property liability
claims
New Exposures
• Employee misuse of websites, emails and other electronic communications that involve:• Harassment of other employees or outside
individuals• Accidental or purposeful slander or copyright
infringement• Use of pirated or unstable software• Misuse of company data
Economic Exposures
• Trademarks• Copyright implications• Intellectual property
rights• Defamation• Security• Systems failures
Trademarks
Risks:• Cyber-squatting
• Registering domain names without consent• Deep linking
• Linking to Web pages within sites• Using unauthorized links
• To websites without consent
Copyright Implications
Risks:• Unlicensed duplication of
copyrighted material• Theft or unauthorized
distribution of trade secrets, customer lists, etc.
Intellectual Property Rights
Risks:• Website content
• Ownership issues• Who owns what content?• What is the scope of the licenses?• Patent infringement
How to manage:• Decrease legal liability with “terms-of-use”
agreement• Security and encryption concerns
• Review methods of authenticating information
Defamation
Risks:• Defamatory statements
• Opinions versus facts• Postings
• Via websites• Forums• Publications• Blogs• Online bulletin boards
Data Security
Risks:• Collection, storage and use of
information• Privacy issues• Security breaches
Risk Management:• Data Security Policy• Data Encryption• Employee Training• Transfer liability to third-party
vendor
Systems Failures
Risks:• Virus attacks• Physical damage or
interruption to servers• Natural disasters
Employee-Related Exposures
Employment liabilities• Privacy violations• Discrimination and
harassment
Privacy Violations
• Employees claim their privacy rights were violated after the employer reviewed emails or personal files
• Employees claim privacy violations for website tracking or blocking of Internet sites
Discrimination and Harassment
• Employees receive unwelcome verbal, visual or physical conduct that is sexual or discriminatory in nature• Conduct interferes with employee’s work• Employee feels violated and uncomfortable on the
job• Conduct occurs via email, forum posts on the
Internet or by physically showing another employee explicit websites
• Misuse of social media can open a company up to a variety of risks
• Keep track of what’s being said about your company online, through social networks and blogs
Social Media Exposure
Cyber Liability Insurance
• Scope:• Any company with a Web presence or performing
e-commerce activities• Coverage:
• Intangible economic losses• Destruction of home pages• Network and server failure• Unauthorized obstruction of customer information• Restoration costs• Fake orders• Viruses• Industrial espionage
• Base Rates:• Overall revenues
Solution Options
Internet Liability Insurance
• Covers for loss caused by fraudulent alteration or destruction of electronic information such as:• Malicious copying of trade secrets• Extortion, virus versus ransom• Loss of business income caused by virus or
destruction of electronic information
Solution Options
Media Liability Insurance
• Includes coverage for:• Libel and slander• Invasion of privacy• Infringement of copyrights
• Intellectual Property• Network Security• Product Recall
Features
• Occurrence policy • Claims Made Policy with extended reporting
periods (ERP)• Duty to defend• Punitive damages• Jurisdictional
Possible Exclusions
Typically, a traditional Commercial General Liability (CGL) policy will afford you coverage for business interruption, intellectual property damage, and similar losses.
However, insurers are avoiding liability by including specific exclusions and requiring endorsements for this coverage.
Therefore, a careful review of policy language is necessary.
Claim Example
ü Corrupted data
Example: A communications company sues for lost revenue and expenses to recover billing files for wireless customers that were deleted by their software vendor who was updating the system.
Indemnity Paid: $750,000Defense Costs Paid: $150,000
More Examples
n 130 million credit card numbers were stolen from Heartland payment Systems (HPS) by an outside hackern HPS’s stock price had fallen 74% 45 days after the breachn The breach cost HPS upwards of $70 million
n Kaiser Permanente was fined $200,000 for publicly posting 150 patient names, addresses and medical records on their website
n A 2012 data breach insurance claims study done by Net Diligence found that the average cost of legal defense for a data breach was $582,000 and the average cost of a settlement was over $2 million!
Cyber Liability: New Exposures
New Solutions from CONRAD INSURANCE