If you think viruses, worms and malicious hackers pose a threat to your business (and you should), you have no idea how bad things could really get. That’s because traditional insurance was written for a bricks-and-mortar world. Fact is, insurance companies have been quietly writing exclusions into standard policies, erasing the grey areas in which your general commercial property and liability coverage might have protected your company from cyber-disaster.
But help has arrived. A handful of companies — including American International Group (AIG), Zurich Financial Services and Lloyd’s of London — have stepped into the breach with cyber-specific offerings. Premiums range from $5,000 to tens of thousands of dollars, depending on the depth of coverage. (In the U.S., AIG demands a minimum premium of US$10,000. That standard has not been imposed in less risky Canada.)
According to Ty Sagalow, COO of AIG’s e-business division, the best policies cover: Web-content liabilities; financial loss resulting from data damage, destruction or corruption; professional errors and omissions; and loss of income from network security failures. “In addition,” says Sagalow, “you can purchase coverage for cyber-extortion, cyber-terrorism, post-incident public-relations fees and even a criminal reward fund reimbursement.”
But be warned: because this trend is so new, the coverage isn’t uniform. “You need to ask a couple of key questions,” says Jan Wleugel, senior vice-president at Toronto-based risk-assessment and corporate insurance brokers Marsh Canada Ltd. First, does the policy cover employee theft and breach of privacy? “A lot of insurers deliberately write this out of the policy because it’s difficult to control employee theft,” says Wleugel, “so you need to ask.”
The other key: when a policy covers electronic theft, does it include the physical theft of electronic information? If a person walks into your office and steals a tape with electronic data on it, are you covered? “Some companies will say you aren’t,” explains Wleugel, “because the theft itself was physical rather than electronic.” Clearly, it pays to be vigilant when it comes to insurance, semantics and your money.