Thought Leadership on Property & Casualty/Risk & Insurance Management presented by Commercial Insurance Managers.
- I don’t have an exposure risk because I don’t maintain any personally identifying information on my customers. All businesses have an exposure risk. Information at risk includes not just customers’ information, but employees’ Social Security numbers, health information for benefits programs and credit card numbers.
- I don’t conduct business over the internet, so I’m not at risk. The majority of cyber breaches are not due to internet hacks, but accidentally released or stolen physical files or electronic media such as laptops, thumb drives, lost cell phones, etc.
- I have coverage under my property, general liability or other commercial policies. Unfortunately, you will find that there is no coverage if you have a breach. Property insurance covers tangible property, and data is not tangible property by law. General liability policies have exclusions for damages as a result of the release, disclosure or access to personally identifiable information.
- Data breaches only happen to large companies and public entities. You hear about hackers stealing information from larger companies and the government, but most breaches affect small to medium-sized businesses.
- Laws requiring notification of personal data breaches only apply to large businesses. There are 47 states that have legislation requiring notification in the event an entity breaches personally identifying information. None of their laws address the size of the entity.
- If we have a breach, we will simply send “We’re Sorry” letters to our clients. You now have a reputation problem with customers. You will need to set up a toll-free hotline, credit monitoring services and identity recovery services for them.
- I concentrate on IT security and don’t need cyber insurance. IT security is important, but will not prevent other breaches, for example through procedural mistakes or disgruntled employees.
This article was written by Gordon M. Mumpower Jr., CPCU, MBA, president of Commercial Insurance Managers Inc., a VOSB-certified business.