Got Internet? Get Cyber Insurance, Brokers Advise
YOUNGSTOWN, Ohio -- The employee didn’t mean to but she got her company in hot water anyway.
Diana Pringey, a commercial insurance agent with Gem-Young Insurance & Financial Services in Canfield, relates how the employee of a policyholder sent a form letter to 100 clients but neglected to change the Social Security number for each, “so one person’s Social Security number went out to 100 people,” she says.
This illustrates the extent of the harm a computer can create in hardly any time and the need for insurance coverage that didn’t exist 25 years ago.
“We’re just starting to have a lot of that offering now,” Pringey reports. “In fact, that’s something that I [routinely] put on my proposals now because of the real fact out there that there is a lot of cyber theft.”
Relatively new types of insurance such as cyber liability are among, but far from the only, areas of exposure many companies neglect in their policies, Pringey and other representatives of insurance and risk management firms discuss.
“The reality is the world is ever-changing so there’s always different exposures as time goes on,” remarks Jim Klingensmith, partner and certified insurance counselor with L. Calvin Jones & Co., Canfield.
Society’s expanded use of technology is among the areas that have affected insurance coverage for businesses, making protection from cyber liability increasingly important. “They may think they’re not exposed,” says Klingensmith, “but they’re exposed one way or another.”
Recognition of cyber liability has become more prominent in recent years. It wasn’t that long ago that small-business owners felt that it couldn’t happen to them, says Tom Costello, president of James & Sons Insurance, Boardman. Now, because large corporations have publicly acknowledged data breaches, smaller businesses are more receptive to discussing their exposure.
“It doesn’t just happen to the Macy’s and the Sears [stores.] It can also happen to the small mom-and-pop stores,” Costello warns. “It is becoming more prevalent.”
In one instance that James & Sons dealt with, a company was engaged in research for a client about to introduce a new product, Costello says.
“Imagine if somebody hacked into that information,” he says. “We’re talking to one- or two-man doctor operations because of all the information that’s in their computer.”
A company can be exposed to cyber liability from various routes, including an individual hacking into its system and accessing names, addresses, Social Security numbers and other personal data.
Because of that, companies that deal on the Internet have “a huge exposure,” Klingensmith says. They could also be vulnerable because of “old-school” dumpster diving, which he says good cyber liability coverage will address.
Most insurance brokers do not regularly offer cyber liability coverage even though most, possibly all, companies have a cyber exposure, says Mike Hillman, chief risk management officer for Donald P. Pipino Co. Ltd., Boardman.
The cost to companies to address these breaches, which include notifying the individuals whose data has potentially been breached and providing credit monitoring, averages around $250 per record.
In addition to unauthorized access to client information, one aspect of cyber liability companies face is media liability, where an individual might make comments on social media for which the company can be held accountable.
“You have so many people now using LinkedIn, Facebook and so on,” says Mary Pipino, CEO of the insurance risk management firm.
Someone posting about an upcoming meeting with a prospective new client might “leak some type of confidential information and don’t mean to, or they let a trade secret out of the company that they don’t realize is a trade secret,” Pipino says. “They could cause a tremendous amount of problems and damages.”
Sometimes companies don’t purchase separate cyber liability policies because they may have coverage through homeowner or car insurance policies, or might have it though a bank or credit card issuer, says Gem-Young’s Pringey.
Companies could find themselves exposed because of their liability resulting from other issues. For example, many employers neglect to cover themselves in the event of employee dishonestly and fraud coverage, says James & Sons’ Costello.
Although employers “love to believe” their employees won’t steal from them, the temptation is greater today because of the fragile economy, he remarks.
“So we do talk a lot about employee dishonesty and fraud coverage,” he adds.
“Another thing that we run into,” Costello says, is whether companies choose to insure for cash value, which normally depreciates over time, or for replacement costs, which could be substantial in the case of a large lathe or equipment for computer-aided design and/or manufacturing, for example.
Stopgap insurance, intended to cover the difference between what an injured worker would receive through Ohio’s workers’ compensation system and additional moneys they might seek, is intended to address another area of potential liability for employers.
The policy is “specific to Ohio and just a very few number of states in the country because Ohio is what we call a monopolistic state,” meaning employers are required to purchase their workers’ compensation coverage through the state, Pringey says.
If an employee injured at work through fault of the employer decided the compensation awarded through workers’ compensation was insufficient and sued for pain and suffering, “That’s where stopgap insurance comes in,” she says.
When companies choose not to get that coverage, cost is an issue. “Some people don’t feel their exposure is that great,” she says.
“It’s relatively inexpensive,” Pipino’s Hillman says. Oftentimes it can be added onto a policy for little or no additional premium.
Another coverage area that has evolved is employment or business practices liability – to protect against exposure through allegations of harassment, discrimination or wrongful termination.
“This coverage didn’t even exist 25 years ago,” Hillman says. An employment practices policy is a stand-alone policy purchased independently of a company’s liability program and often isn’t purchased.
“It’s going to defend the company through those allegations. If they’re found to be substantiated, it’s going to pay the damages,” he continues.
In addition, a company can purchase coverage to address harassment of an employee by a third party such as a customer or vendor.
Even if the steps to justify the action are well-documented, “you still have to hire a lawyer to defend yourself,” Costello says.
“Typically for restaurants that’s important, fast-food places,” Pringey says. “The types of places where you’re going to have employees of a certain age group, it’s pretty important to have that.”
First published in the print edition of The Business Journal, Youngstown, Ohio.
CLICK HERE to subscribe to our twice-monthly print edition.
Copyright 2013 The Business Journal, Youngstown, Ohio.