Top 3 Myths About Security & Privacy Liability
(Source: Swett & Crawford)
Myth 1: I don’t need separate coverage because I’m already covered by my D&O, E&O or Commercial Liability Policy.
FACT:
After examining their existing policies and applicable exclusions, many insureds find that there are a number of potential fact patterns and claim scenarios that are typically not covered by existing policies:
• Computer hacking
• Lost laptops and backup tapes
• Stolen computer equipment
• Transmission of computer virus
• State and federal fines (e.g., HIPAA and new red flag rules)
• Costs associated with state privacy notification laws
• Cyber-extortion
Myth 2: It’s unlikely any of these events would ever happen to me.
FACT:
As more and more information is stored electronically, these events have happened to thousands of companies and organizations in a range of industries, and the numbers grow daily. [1]
• Since January 2005, over 246 million data records of U.S. residents have been exposed due to security breaches. [2]
• High-profile/“big ticket” breach stories are frequently in the news.
• Lower-profile lapses also occur frequently.
Myth 3: Even if an event happened, I can afford to “self-insure.”
FACT:
The costs can be substantial and cover a range of unexpected areas. Consider the following losses and questions that could arise out of a single incident:
• Legal/Regulatory Costs - At least 40 states have enacted data breach notification laws; timing, form and content of disclosure vary and may require a host of lawyers to navigate. How will I ensure compliance?
• Notification and Consumer Monitoring Costs - Total average cost of $197 per record compromised. [3] Where is this budgeted?
• Legal Defense Costs - How will I pay to defend third-party lawsuits?
• Business Interruption Coverage - What would it cost my company if hackers took down my network for one day? One week?
• Cyber Extortion - How would I respond to a “ransom” demand from a perpetrator who stole my company’s personal information?
• Government Investigation - How would I respond to a government investigation? Fines and penalties? Consider HIPAA, GLB and other statutes that may be applicable.
• Crisis Management Expenses - Would I need to hire a PR firm or other expert to help with the negative publicity?
[1] See http://www.privacyrights.org/ar/ChronDataBreaches.htm#2 for a detailed list.
[2] Source: Privacy Rights Clearinghouse, www.privacyrights.org.
[3] Source: Ponemon Institute, LLC. “2007 Annual Study: Cost of a Data Breach”.
