The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses. A traditional business liability policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur.
Awareness of the potential online liabilities your company faces is essential to managing risk through proper coverage. Our customers are sometimes confused between three different protections we offer and their limitations: a cyber liability policy, a social engineering endorsement (under an existing crime policy), and a professional liability policy. What does a business need to know about each of these three protections to understand their differences?
Two fundamental questions will help us explain the differences between these policies/endorsements:
- What is the loss? Does it involve money or data?
- How is taken?
Cyber Liability Policy
To trigger a cyber liability claim, data is breached or lost and it may be done through conventional hacking; phishing or spear phishing; stolen or misplaced hardware such as a laptop or phone; or a scenario involving the malicious exposure of private data.
Other exposures covered by a cyber liability policy include:
- Intellectual property rights– Your online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.
- Damages to a third-party system– If an email sent from your server has a virus that crashes the system of a customer, or the software your company distributes fails, resulting in a loss for a third party, you could be held liable for the damages.
- System failure– A natural disaster, malicious activity or fire could all cause physical damages that could result in data or code loss (physical damages would still be covered under your existing business liability policy)
- Cyber extortion– Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order.
- Business interruption– From a server failure to a data breach, such an incident can affect your day-to-day operations.
Social Engineering Endorsement
Social Engineering is an endorsement offered under a business’s existing crime policy. Money is at stake, using misrepresentation often involving a technique named spear phishing.
Spear phishing is when a criminal uses personal information to pose as colleagues or other sources specific to individuals or businesses.
A spear phishing attack is often disguised as a message from a close friend or business partner and is more convincing than a normal phishing attempt; when messages contain personal information, they are much more difficult to identify as malicious.
Professional Liability Policy
A professional liability insurance policy, also referred to as professional indemnity insurance, protects professional personnel against negligence claims made by their patients or clients.
Common claims made on this policy include negligence, misrepresentation, violation of good faith and fair dealing, and inaccurate advice. For example, if a web design platform fails to perform properly, it would not cause bodily injury, property damage or advertising injuries. Because of this, the general liability policy would not be triggered. But because the web design platform not performing correctly could directly cause financial losses, and may be attributed to a misrepresentation of the platform’s capabilities, the professional liability coverage would be triggered.
If you have further questions about how these cyber policies and endorsements relate, or if you would like to discuss potential coverage options to further protect your business, contact me today.
Please note that the information contained in this posting is designed to provide authoritative and accurate information, in regard to the subject matter covered. However, it is not provided as legal or tax advice and no representation is made as to the sufficiency for your specific company’s needs. This post should be reviewed by your legal counsel or tax consultant before use.