Cyber insurance is especially useful for small companies
Yes, many cyber crimes are covered — if implicitly — by current insurance policies under clauses such as fraud and dishonesty (for data sabotage), theft (sensitive data removal), general property terms (disclosed personal data), etc.; still, small companies which rely on outside vendors would be advised to demand policies which are more explicit in their coverage of cyber crime
Every day we read stories about hacked computer systems, virus attacks, Web outages, copyright infringement, personal and private data theft, and other information technology-related horrors. In response, many insurance companies have developed cyber-insurance programs. The market and courts are still trying to determine whether this is a necessary evil in evolving business times or the undercarriage protector of the business insurance world. Travis Crabtree writes in the Houston Business Journal that a new cyber policy could be overkill because some losses may already be covered. An insurance broker and a lawyer familiar with insurance and technology losses can determine what risks are already covered and what is not. For example, does the dishonesty and fraud policy cover data sabotage from a disgruntled or recently fired insider? What if the fired employee from IT takes sensitive data with him? This is nothing more than theft which, unless expressly excluded, may be covered by dishonesty/theft coverage, Crabtree advises. Here is another question: Do the general commercial property terms cover invasion of privacy suits because of disclosed personal data or violations of federal or state law? Is “intangible property” excluded from the property coverage? Often, older policies provide broader coverage with fewer emerging technology risks excluded because of the failure to adapt to modern hazards. Several courts have ruled that data loss is not covered under standard policies excluding intangible property. On the other hand, when renewing policies, an insured should watch for new technology-related exclusions which should result in lower premiums for the shrinking coverage when demanded by the astute insurance purchaser.
Some insurance advisers recommend the coverage for smaller companies. They are more likely to rely on others for things such as Web hosting, credit card payment processing, tracking of inventory, and sales data. “The insurance provides security against the reliability, or lack thereof, of outside vendors, which may not be provided for in the typical business loss coverage. Many larger companies handle these functions in-house and therefore manage their own risk or mandate coverage from their outside vendors,” Crabtree concludes.
