Cyber Liability: New Exposures

Presented by: CONRAD INSURANCE

© 2007, 2010-2011, 2013-2014 Zywave Inc. All rights reserved.

New Economy, New Exposures

• Business shift:• “Bricks and Mortar” to

“Clicks and Orders”• Online business is bigger

than ever

• Public Web presence for all to access

• Explosive growth in the 21st century

• One billion websites and growing!

New Exposures

• Net expansion outruns General Liability (GL) coverage• Existing policies do not account for Web-based

liabilities• Data theft is commonplace• Increasing intellectual property liability

claims

New Exposures

• Employee misuse of websites, emails and other electronic communications that involve:• Harassment of other employees or outside

individuals• Accidental or purposeful slander or copyright

infringement• Use of pirated or unstable software• Misuse of company data

Economic Exposures

• Trademarks• Copyright implications• Intellectual property

rights• Defamation• Security• Systems failures

Trademarks

Risks:• Cyber-squatting

• Registering domain names without consent• Deep linking

• Linking to Web pages within sites• Using unauthorized links

• To websites without consent

Copyright Implications

Risks:• Unlicensed duplication of

copyrighted material• Theft or unauthorized

distribution of trade secrets, customer lists, etc.

Intellectual Property Rights

Risks:• Website content

• Ownership issues• Who owns what content?• What is the scope of the licenses?• Patent infringement

How to manage:• Decrease legal liability with “terms-of-use”

agreement• Security and encryption concerns

• Review methods of authenticating information

Defamation

Risks:• Defamatory statements

• Opinions versus facts• Postings

• Via websites• Forums• Publications• Blogs• Online bulletin boards

Data Security

Risks:• Collection, storage and use of

information• Privacy issues• Security breaches

Risk Management:• Data Security Policy• Data Encryption• Employee Training• Transfer liability to third-party

vendor

Systems Failures

Risks:• Virus attacks• Physical damage or

interruption to servers• Natural disasters

Employee-Related Exposures

Employment liabilities• Privacy violations• Discrimination and

harassment

Privacy Violations

• Employees claim their privacy rights were violated after the employer reviewed emails or personal files

• Employees claim privacy violations for website tracking or blocking of Internet sites

Discrimination and Harassment

• Employees receive unwelcome verbal, visual or physical conduct that is sexual or discriminatory in nature• Conduct interferes with employee’s work• Employee feels violated and uncomfortable on the

job• Conduct occurs via email, forum posts on the

Internet or by physically showing another employee explicit websites

• Misuse of social media can open a company up to a variety of risks

• Keep track of what’s being said about your company online, through social networks and blogs

Social Media Exposure

Cyber Liability Insurance

• Scope:• Any company with a Web presence or performing

e-commerce activities• Coverage:

• Intangible economic losses• Destruction of home pages• Network and server failure• Unauthorized obstruction of customer information• Restoration costs• Fake orders• Viruses• Industrial espionage

• Base Rates:• Overall revenues

Solution Options

Internet Liability Insurance

• Covers for loss caused by fraudulent alteration or destruction of electronic information such as:• Malicious copying of trade secrets• Extortion, virus versus ransom• Loss of business income caused by virus or

destruction of electronic information

Solution Options

Media Liability Insurance

• Includes coverage for:• Libel and slander• Invasion of privacy• Infringement of copyrights

• Intellectual Property• Network Security• Product Recall

Features

• Occurrence policy • Claims Made Policy with extended reporting

periods (ERP)• Duty to defend• Punitive damages• Jurisdictional

Possible Exclusions

Typically, a traditional Commercial General Liability (CGL) policy will afford you coverage for business interruption, intellectual property damage, and similar losses.

However, insurers are avoiding liability by including specific exclusions and requiring endorsements for this coverage.

Therefore, a careful review of policy language is necessary.

Claim Example

ü Corrupted data

Example: A communications company sues for lost revenue and expenses to recover billing files for wireless customers that were deleted by their software vendor who was updating the system.

Indemnity Paid: $750,000Defense Costs Paid: $150,000

More Examples

n 130 million credit card numbers were stolen from Heartland payment Systems (HPS) by an outside hackern HPS’s stock price had fallen 74% 45 days after the breachn The breach cost HPS upwards of $70 million

n Kaiser Permanente was fined $200,000 for publicly posting 150 patient names, addresses and medical records on their website

n A 2012 data breach insurance claims study done by Net Diligence found that the average cost of legal defense for a data breach was $582,000 and the average cost of a settlement was over $2 million!

Cyber Liability: New Exposures

New Solutions from CONRAD INSURANCE