By Nick Langer, Risk Advisor
TOLMAN & WIKER INSURANCE SERVICES, LLC
Not too long ago I walked into my local department store to purchase a new tie. When I approached the cashier and presented my debit card I was taken by surprise when the cashier said, “Sir I apologize, however your card has been declined.” Knowing that I had more than sufficient funds to cover my $45 purchase, I naturally asked the cashier to run it again. Yet again, I was presented with her discerning response, “Sir it was declined, again…” A feeling of embarrassment and uneasiness quickly filled my emotions and I became frustrated with the young cashier. I presented her with my credit card issued from my bank… Declined! As the line behind me grew with impatient customers, my annoyance and embarrassment with the situation grew. I stepped outside and contacted my bank to find out that they had frozen my accounts as there had been over 50 transactions for cash transfers processed in amounts ranging from $599 to $899, effectively cleaning out my accounts and exceeding the credit limit on my charge card. The most alarming fact was that the transactions were processed online and occurred within a 15 minute window.
After weeks of phone calls and police reports, my bank eventually resolved my situation, internally. To this day, however, it is unknown as to how my information was compromised. Assumptions were made by local law enforcement agencies that the attack could have come from anywhere including a bank employee, hacking of my passwords, data breach of a creditor or even utility company. Nonetheless, I am forced to continue monitoring my credit as I occasionally receive alerts when the criminals make fraudulent attempts to use my personal information to obtain a line of credit at a department store or purchase a new vehicle.
Contract security firms and private investigators constantly assume risk in their daily operations. In fact, the use of a contract security firm is simply a tool used by various companies to transfer their risk, thus limiting the company’s exposure to hazard risks. Savvy security companies and investigators not only purchase general liability insurance to finance their exposure to the inherent hazard risks associated with their operations, they perform annual reviews with their management and insurance brokers to identify what hazards may present themselves and in turn, what specific insurance coverage and/or endorsements are available to respond to these risks. Obvious concerns range from assault & battery, theft, employee dishonesty, professional liability, wrongful arrest, slip & fall, contractual liability. Seemingly apparent risks associated with the security industry.
What about theft of your employees’ personal information? Are your responsible for proprietary information or intellectual property stolen or leaked from your clients’ location while you are on post? How do you recuperate costs after a computer virus or hacker attacks your server or management software? Are you ready to respond to hacking of your email or social media account? How do you respond when images or information about a high-powered executive under private investigation are lost and wind-up on the news? Do you take payments from clients via credit card or electronic check, what happens when their account information is compromised?
Liability for loss of customer or employee data is not typically covered under a general liability insurance policy. Some Business Owners Policies (also known as a B.O.P.) that offer general liability and directors and officer’s liability may provide a measure of coverage for first party data loss. Careful review of these policies will reveal significant gaps in what is and what isn’t covered after an attack or breach.
“A recent survey by Chubb Group of Insurance Companies found that 65 percent of public companies forego cyber insurance – even though they identify cyber risk as their number one concern. Meanwhile, a quarter of those surveyed are expecting a cyber-breach in the coming year, and 71 percent have cyber breach response plans in place.” – According to Forbes.
Technology continues to transform businesses and the ways in which we conduct business. Recent surveys have reported that more than half of small to mid-size businesses have already experienced at least one data breach. The risks are increasing daily as most businesses process credit card transactions, store and disseminate sensitive employee information, client information and data. In addition, media and advertising-related exposures have grown significantly as businesses take on roles once reserved for traditional advertising agencies. The influx of digital and social media such as blogs, interactive websites and “Aps”, increasingly common use of pictures, music and videos to promote products or services have exposed all businesses to new advertising and media-related exposures.
Assumptively, high-profile and high-risk companies may appear to be at greatest risk, however small to medium sized businesses are just as vulnerable. “According to a recent study by the U.S. Secret Service and Verizon Communications, Inc., over 72 percent of all data breaches occurred in small to medium sized businesses. The average cost of a breach? Over five million dollars, according to most financial analysts.” – According to Forbes.
Is your business name strikingly similar to that of another? Did you have your website and its content reviewed by an attorney or third party before publishing to the World Wide Web? Who has access to your employee files?
In a rapidly changing landscape, cyber liability provides protection to help businesses safeguard against sensitive data breaches, computer hacking, dumpster diving, computer viruses, employee sabotage, employee error, pilferage of information and identity theft to name a few risks. As with any insurance coverage, the purchase of an insurance policy simply allows for the financing of damages associated with the risk.
True protection comes from:
Identifying and assessing your risks
Developing safeguards and programs to prevent loss where feasible
Mitigate the impact of a loss
Transferring of risk onto a third party
Given the unique hazards presented in the security industry a simple review of internal operation is not sufficient. Contract review is just as, if not more, important. Do your contracts address a data breach? Who is responsible when sensitive patient information is compromised from a hospital or medical facility while you have a guard on post? Do your employees have access to your clients’ electronic data processing equipment? This article is not meant to scare you, however if you have not researched these emerging risks and their potential impact on your business you should be alarmed. Just as I was when I stood at the department store register, concerned, confused and inherently vulnerable. We must take preventative action to safeguard ourselves and our businesses to prevent vulnerability.
This article was originally published in CALSAGA’s newsletter.
Tolman & Wiker Insurance Services, LLC is an official CALSAGA preferred broker.
Image credit: sixninepixels/ freedigitalphotos.net
Find an upcoming Loss Prevention Seminar near you! View our full schedule of Loss Prevention Seminar topics for information about our Loss Prevention Services.