Insurance carriers and brokers are seeing increased demand in policies specifically tailored to cover an employer in the event of a data breach, a risk that is increasingly common as more business moves online for small and large employers alike.
While online business dealings -- from retailers to electronic health records -- have been prevalent for more than a decade, high-profile data breaches at major companies like Sony, Google and, on a local level, St. Joseph Health, have caused employers to take a closer look at an insurance product that might not have seemed necessary in the past, insurance experts said.
"We've gotten a lot of calls from prospective clients about cyber security and liability policies," said Greg Culley, who runs Culley Insurance Services in Santa Rosa. "And they're asking us, 'Is this something we're insured for?' And they're not, so there's specialized products that a handful of companies are offering, and it's starting to get a foothold."
As numerous examples have shown, a company that either is maliciously hacked or accidentally discloses personal information on the web can, and likely will, face steep class-action lawsuits or will be made to notify and correct the issue, all of which can add up quickly, said Pamela Chanter, vice president of Vantreo Insurance Brokerage in Santa Rosa.
[caption id="attachment_57294" align="alignright" width="144"] Pam Chanter[/caption]
"Cyber risk has never been greater than today due to the technology-dependent world where we do our business online and where we store sensitive customer data electronically," Ms. Chanter said. "We see in the news on a regular basis that businesses have breaches that involve millions of dollars from cyber attacks. It's clearly a risk that impacts the bottom line of a company."
Smaller companies in particular are expressing increased interest, as the ramifications of data breach become visibly damaging to even the largest, most organized companies, said Joe Smith, a professional liability broker with Crouse and Associates, a San Francisco insurer that writes a good deal of Vantreo's specialty coverage.
"There is definitely a trend of corporations and smaller business buying it," he said.
And it's not strictly limited to electronic breaches, but rather it could be any situation where personal data is mined or lost from a company's confines, Mr. Smith said.
"There's a common misconception that cyber liability has to be in electronic form. It doesn't," he said, noting that dumpster diving for documents and employee error, such as failing to encrypt passwords on computers, contribute to about 75 percent of cases in which personal information is disclosed.
"It's really exploded and evolved into what it is today within the past five years," Mr. Smith said of the level of coverage and interest in it. Such liability insurance has existed for probably a decade or so, but only recently have employers begun to look closely at the policies. "Definitely more within the last two years."
Mr. Culley and Mr. Smith both likened the increased attention in cyber liability coverage to that of employment practice liability insurance -- it wasn't popular when first rolled out but is now a standard area of coverage.
"Over the years we've seen that you're more likely to get sued by your employee for wage disputes and discrimination," Mr. Culley said. "It wasn't immediately popular but over time it became common place. I think (cyber security liability) is going to go the way of employment practice -- it will be a standard part of your insurance package."