$3,000,000 spent and nothing picked up by insurance!

August 26, 2010

Sorry for the absence but things have been crazy around the office and I let blogging get left behind. While I’ve been gone there has been a ton of data breaches and other related events happening so I hope you’ve been able to keep up. While reading an article today I found one that might hit home for some of you. A data storage company suffered a breach and lost HIPAA information for a large number of patients. That information caused the client to spend over $3,000,000 dollars to comply with the breach notification laws.

The client has come back on the storage company who reported the loss to their insurance company only to find out a breach of data isn’t covered on the general liability policy. This is an instance that a cyber liability or data privacy policy would respond to. Because the broker wasn’t educated in the space, someone is going to have to come up with over $3,000,000 to reimburse the client for their expenditures. This isn’t a situation I’d want to find myself in.

To read the entire article, click here.


One great way to protect your company from a data breach

February 11, 2010

There was a great article in the National Journal yesterday about insurers helping protect companies from a cyber attack. In 2002, the Bush administration worked hard with insurance companies to broaden coverages helping protect a company in the event of a breach. These coverages have been slow to take off but due to the recent well publicized breach last week involving China and Google some experts think companies will begin to take this coverage more seriously.

To read the National Journal article, click here.

Business Journal Article on Data Theft

November 23, 2009

Recently in the Kansas City Business Journal there was an article about data theft and the insurance options out there. It is nice to see someone finally bringing this issue to light and I hope this will make people realize that the threat is real. Over the past few months, I’ve spent a considerable amount of time trying to educate my clients and prospects on the need for this type of coverage but many business owners still think they are immune to a data theft.

To read the entire article, click here.

Will your cyber liability claim actually get paid?

August 28, 2009

I’ve heard from a few clients and prospects lately that they’ve heard that even if you purchase insurance to protect your technology and data assets, your claim won’t be paid. This is NOT TRUE. There is clearly a divide in the marketplace of companies who “understand” technology risks and companies who don’t. Although the form and coverages may be very similar, the companies who actually understand the risks are also the ones who will actually pay your claims. When a business is shopping for policies and comparing policies, they may see two identical policies from two different companies but one is significantly cheaper. The reason it may be cheaper is because that company doesn’t “understand” the risk. If you’re faced with this decision, make sure your broker helps advise you if that company has a history of paying their technology claims or not.

Cyber Liability vs. Data Privacy Coverage

July 22, 2009

Although some carriers and individuals lump Cyber Liability and Data Privacy coverages together, they are different coverages. I wanted to take a few seconds to discuss the differences in the coverages.

Cyber Liability coverage covers any liabilities that occur through a website, network or other technology your business uses. If a customer uses your web portal to spread a virus to other users, this would be a cyber liability. If a hacker steals money by hacking into your network, this would be covered under your cyber liability policy. However, typically one of the first things excluded in a cyber liability policy is the theft or loss of data which is why you need a data privacy policy as well. As I’ve discussed in earlier posts, data privacy insurance covers costs associated with a data breach. That breach can occur because data was either electronically lost or stolen or physically lost or stolen. For more information on these coverages, feel free to call me or e-mail me.

A tool to greatly decrease your cyber risk???

July 14, 2009

People have been looking for a tool to eliminate cyber risk for sometime now but have struggled to find something. Not only would a tool help businesses prevent data breaches but it will help insurance underwriters have a better understanding of the risk they’re taking on and allow them to price the data privacy insurance product appropriately.

I got to meet with a local business owner last week who may have the product. He currently has a product that minimizes health, safety, environmental, and other types of risk to help businesses decrease their insurance costs; they distribute their product through a large international insurance company. He was able to show me a product he’s developed that will allow a business owner to do the same thing with cyber risk. So don’t be surprised if you see a product like this on the open market in the next few years!

What is Data Privacy Insurance?

June 3, 2009

At over $200 per customer, even a small data breach can be very costly to your business.  And even if you take all the necessary precautions to protect your network, we’ve seen no business is too big or too secure to have their network breached.  To help minimize the financial and business losses in the event of a breach, your business can purchase insurance to cover these costs.  However, most standard lines of coverage won’t cover data breaches and the cost associated with them.  In a recent article in the National Underwriter Property & Casualty Magazine, they write, “general commercial liability and umbrella policies do not cover the majority of activities associated with Web 2.0 and social media liability.” [1]  To help cover these costs, a business can purchase a data privacy policy. 


What can a data privacy policy cover?

  • Unauthorized access to, use of, or tampering with data
  • Liability arising from denial of service attacks or the inability to access websites or computer systems
  • Crisis management and public relations expenses
  • Regulatory action defense expenses
  • Computer system extortion expenses and losses
  • Intentional wrongful conduct of “rogue” employees
  • Coverage for punitive damages
  • Any form of invasion, infringement or interference with the rights of privacy or publicity 
  • Business Interruption loss and/or restoration expense incurred as the direct result of an enterprise security event which causes a system failure
  • Data restoration costs
  • Legal liability, defense costs and expense reimbursement for your business for a personal identity event


[1]Hidden Risks.” National Underwriter Property & Casualty. November 3, 2008.