Cyber Liability Protection

A local hospital recently learned that several backup hard drives were missing from their computer room which contained employee records for several thousand employees going back almost ten years.

A partner in a boutique law firm, specializing in intellectual property law had his laptop stolen from a coffee shop while he was reading the newspaper.  The laptop contained several active files he was engaged in at the time.

An employee of a professional services firm has made a post on their personal Facebook page about a competitor which is not favorable; in fact it’s somewhat slanderous.

What do all of these situations have in common?  They are all examples of companies which have experienced cyber liability exposures which could lead to lawsuits and federal compliance issues.  We’ll take a look at each example and what the potential costs could be to better understand why Cyber Liability Insurance should be considered by any business that operates digitally.

In the case of the hospital losing digital employee records, they have potentially exposed personally identifiable information into the public realm.  There are serious HIPAA violations as well as federally protected privacy violations involved in this case.  At the very least, the hospital must notify each employee of the possible release of information and under federal law pay for credit monitoring services for two years.   The cost of that notification and monitoring process is estimated by industry experts to be just over $200 per record.  The hospital believed that at least 3,000 records were contained on those hard drives, which amounts to a potential compliance expense of $600,000 which is not covered by any standard business insurance policy; in addition there are the possible legal liability lawsuits that could arise from this breach which could amount to millions of dollars in defense and settlements.

The stolen laptop example is not uncommon, but in this particular situation, the data that is compromised is protected under client confidentiality agreements and worth millions of dollars because the IP attorney had patent information of his clients stored on his hard drive.  Under the confidentiality agreement the attorney is duty bound to report the theft to his clients which will trigger liability lawsuits, which unfortunately are likely not covered by the law firm’s business insurance or professional liability policies.  Potential liability exposure – over $10million!

In these first two examples having your systems professionally managed and encrypted (for mobile users) is your first line of defense; insurance is your second line of defense, which we’ll discuss in a moment.

The last example an employee uses social media to drag a competitor “through the mud”.  This has several implications, but we’ll look at the corporate perspective.  Social media is great for promoting your business and gaining “fans” or “likes” – but it has serious liabilities attached to it.  Whether content is written as a post, a blog, or a video the “author” or poster of that content becomes a publisher.  Under a commercial general liability policy publishing activities are excluded from the personal and advertising injury section of the policy.  That means when an employee “publishes” that somewhat slanderous remark about a competitor and that competitor sues for defamation, the claim is likely going to be denied due to this publishing exclusion.

Today’s digital world has presented businesses with an alarming number of potential exposures that were not contemplated, nor covered by traditional business policies and that’s why businesses need to look at purchasing Cyber Liability protection.  The coverage goes by several different names, but the core cyber liability or internet privacy policy will provide protection from third party type losses described here, as well as first party losses such as loss of digital assets.  Coverage can be tailored to each business’ specific needs and is generally not expensive.  In fact, in today’s world it’s really not a question of “if” you’re going to experience a cyber related loss; but “when” you will.

The author; Gordon B. Coyle, is the president of The Coyle Group; ( a boutique commercial insurance brokerage and risk management consulting firm located in New York.