Twenty years ago, most companies maintained their files in rows and rows of filing cabinets. In order to access information from a file, it would be necessary for a person to go to the filing cabinet and actually retrieve the document which was being sought. If a third-party wanted to steal a company’s information, it would be necessary for that person to enter the company’s premises and either copy the documents on-site, or figure out a way get those documents out of your office.
In the last decade, technology has revolutionized the way documents and data are maintained. Those millions of pages of documents which were formerly kept in the rows of filing cabinets have been converted to digital data residing in the cyber world. Data is now accessed through computers, iPhones, and tablets.
New risks have accompanied this digital revolution. It seems as though each week’s headlines bring news of data breaches in which electronic information has been stolen from large companies. Information such as social security numbers, health information, bank account numbers, and credit card information are frequently the targets of such cyber-theft. Companies who are victims of these attacks can suffer enormous financial losses as well as damage to their brand names.
Some companies who were impacted by data breaches were able to obtain coverage from their CGL carriers under section (b) of their policies, which cover claims arising from “personal and advertising injury”. However, newer CGL insurance policies have eliminated coverage for losses arising from data breaches.
Over the last few years, insurance companies have started selling “cyber insurance”, which is specifically tailored to cover losses associated with data breaches and computer hacking. These policies can provide coverage for loss of digital assets and business interruption. In addition, insurance can be obtained to cover crisis management expenses, and the cost of defending lawsuits filed by those who may have been harmed by the unauthorized release of information.
Any business, large or small, which electronically stores and accesses its data is vulnerable to cyber theft. Losses can be staggering, and today’s CGL policies do not provide coverage for such losses. Cyber threats are a real risk, and prudent businesses would do well to see what sort of insurance programs might best provide the appropriate coverage for their businesses.
Sidney J. Hardy
October 7, 2014