• Quincy Insurance Consultants in Partnership with Dasco Insurance

  • What is Cyber Liability Insurance?

  • Cyber Liability addresses the first- and third-party risks associated with e-business, the Internet, networks and informational assets. Cyber Liability Insurance coverage offers cutting edge protection for exposures arising out of Internet communications.

    The concept of Cyber Liability takes into account first- and third-party risks. The risk category includes privacy issues, the infringement of intellectual property, virus transmission, or any other serious trouble that may be passed from first to third parties via the Web.

    Media exposures arise from intellectual property, defamation and invasion of privacy claims. The intellectual property exposures, such as copyright or trademark infringement, are an unpredictable and rapidly evolving area because the law as it applies to the Internet is not clearly defined. For example, no clear definition has been established for standards of copyright infringement. Does a link from another site to your content infringe on your copyrights? The litigation involving Internet-based music sharing is delving into this new territory.

    Security breaches are another area of significant exposure for companies involved with the Internet. The introduction of viruses and unauthorized access are well known examples. Theft of data and extortion are less publicized but equally important exposure areas. Recently, privacy issues related to e-commerce initiatives have gained national prominence, and employee actions have become a significant source of security breaches.

    The exposures listed above are not all inclusive, and no policy provides coverage for all the exposures. Cyber Risk insurance is designed for the following sectors of the e-commerce and Internet world:

    – e-Professionals – providing traditional professional services over the internet
    – Information Technology (Internet) Professionals – website developers, systems/computer consultants, etc
    – E-commerce Companies – companies existing only on the net and “clicks & mortar” companies, and content providers such as portals, search engines and specialty providers of content
    – Internet Advertisers – traditional organizations utilizing the internet for marketing

    When do I need Cyber Liability Insurance?

    Anyone with a Web site now has the legal liabilities of a publisher.

    The Internet – that technological wonder of worldwide communication – has spun a whole new “web” of liability exposures.

    Creating a Web site is simple. The exposures that come with it are not. Privately owned companies that venture onto the World Wide Web face liability exposures that are emerging, evolving, and complex.

    Commercial companies that disseminate information to the public via Web sites face the same legal exposures as publishers, yet most have little or no concept of their resulting legal responsibilities. Moreover, new legislation continues to create potential liabilities, particularly in the areas of user privacy and domain name infringement.

    Why do I need Cyber Liability Insurance?

    For a company operating in today’s high tech world, your computer network will more than likely provide internal and external email. You will probably have your own web site providing information about your company, its products and services with even the possibility of e-commerce.

    Traditional liability products do not address Internet exposures and the risks involved in Internet business have blossomed with the Net itself. That is why you need Cyber Liability Insurance.

    By disseminating information to the public via a website, commercial businesses now have some of the same exposures as publishers. These include conventional publishing exposures such as copyright infringement, defamation and invasion of privacy, as well as emerging exposures related to operating on the Web.

    The universe of potential plaintiffs is staggering, given the number of people and organizations that are currently surfing the Net. A potential legal action from just one of them could be costly. In a 1999 case, a company improperly used a sports celebrity’s name and photograph on its web site, and the celebrity sued for the “fair market value” of his name, plus additional damages of $750,000. Clearly, the potential liability associated with web site content is already great, still growing, and rapidly evolving.

    What are some examples of actual claims regarding Cyber Liability Insurance?

    Some recent examples demonstrate the wide range of technology losses from e-commerce and Internet organizations:

    – Denial of service hacking
    – User posts libelous material on a bulletin board
    – Webmaster uses another site’s content in site development
    – Theft of client’s credit card numbers
    – Another party’s unauthorized use of your on-line content
    – Introduction of a virus into a client’s system
    – Inadvertent release of client’s confidential information
    – Theft of product designs
    – Extortion
    – Web site design that does not function correctly
    – Employee makes derogatory comments about a competitor

    Professional Liability. A software developer was hired to provide special tax revenue collection software for a state agency in the southern US. The contract amount was approximately $11 million. The consultant failed to deliver the software in a timely manner, resulting in a significant loss of tax revenue to the state. The state agency sued and the trial court returned a verdict in favor of the state agency in the amount of $474 million, much of which was punitive damages. This is an example of a claim where the consequences of an error or omission greatly exceed the value of the work completed.

    Extortion. A disgruntled employee encrypted a large, publicly traded company’s entire database. A ransom note read in effect: ‘try to crack the code or pay me $1,000,000 and I’ll give you the password’. The company paid the $1,000,000.

    An accounting firm wanted to upgrade their office desktop technology. In the process of replacing their old computers they ‘cleaned’ the hard drives as the manual suggested prior to throwing them out. A hacker recovered the discarded computers and restored the data on three of the hard drives. He then threatened to disclose the financial records of the firm’s private clients. The firm bought back the hard drives from the hacker for a multi-million dollar fee.

    Hacking. Repeated denial of service attacks by a computer hacker has virtually shut down a state’s Public Access Network Computer. The attacks have overwhelmed the computers capacity to respond to requests for an electronic handshake by sending as many as 150 bogus requests a second.

    An Internet Service Provider (ISP) was the victim of a hacker attack. The hacker planted swastikas and racist messages on web pages while masquerading as the provider’s administrator, erased data on two computers and shut down the system. The ISP was unable to operate for approximately 12 hours, and files created in the several days prior to the attack were lost.

    Loss of Data. A personal laptop computer stolen from a data processing center contained the account numbers for over 300,000 credit card customers of several major issuers.

    A technical instruments manufacturer had a disgruntled employee delete their entire database. It cost the company $7.8 million in lost revenues and $2.2 million to replace the lost data.