Insurer Warns Some Cyber Policies Leave Gaps in Coverage

January 8, 2007

Security breaches are becoming more frequent as businesses increasingly rely on technology to store and transfer assets and sensitive information, such as customer names and credit card numbers. With each security breach, there is the risk that a lawsuit or regulatory action could damage a company’s reputation and do serious financial harm. Some retailers and financial institutions already have faced litigation and regulatory actions, and some of these firms are now trying to hold their technology vendors and others accountable.

“Any technology provider that sells a product or service that includes a security feature is at risk of being sued,” said Jim West, senior vice president at Chubb & Son and worldwide manager of Chubb’s Information & Network Technology segment.

But West warns that many technology companies buy insurance that does not address the many exposures related to security breaches. “Depending upon the circumstances, a single breach can trigger a variety of insurance policies, including crime, errors and omissions, employment practices liability, general liability, property and even directors and officers liability,” West said.

“With the advent of so-called ‘cyber’ policies, we are concerned that technology companies are buying insurance that addresses only one facet of the exposure,” he said. “Technology companies should take an enterprise-wide approach that includes insurance for business income, impairment of computer services, general liability, data recovery costs, privacy lawsuits, reputation injury and communications liability, and errors and omissions.”

Much has been written about “cyber” risks and the theft of information, money and identities through the Internet. Since February 2005, there have been more than 260 major security breaches involving nearly 100 million personal records, according to Privacy Rights Clearinghouse. But West warns that any organization that focuses just on its cyber exposures is not fully protected against security breaches.

In March 2006, for example, a laptop containing personal information on 196,000 workers at one company was stolen from a rental car in California. “Since the time when confidential papers were locked inside desk drawers and wall safes or otherwise hidden from public view, the duty to protect non-public personal information has been a fundamental business principle,” West said. “But the risk of losing sensitive information has risen dramatically because of the high concentration of data that can be stored on a computer hard drive.”

West advises technology companies to work closely with their agents or brokers and insurance companies to identify and address gaps in their insurance portfolio.

Source: Chubb Group of Insurance Companies

Was this article valuable?

Here are more articles you may enjoy.