PRODUCT: Security & Privacy Risk Response, available on a primary/excess basis

COMPANY: Starr Companies

BEST RATING: A (Excellent)

AVAILABILITY: Coverage is available on an open-brokerage basis.

FOCUS: From Target to Home Depot, retailers and financial service companies have a front-row seat to the potential damages of a security breach. But David Norfleet, senior vice president and chief underwriting officer for Starr Surplus Lines Insurance Company, makes it clear that all businesses, regardless of industry, face significant cyber risk.

“Whenever private information is compromised, not only does an organization face potential fines, but the expense of notification, credit monitoring and long-term liability can quickly accumulate creating potential financial hazards—not to mention reputational risk to a company,” Norfleet says. “It can be staggering.”

Exposures exist in the form of any financial transaction, stored employee data, vendor access and lost laptops. “Many companies minimize their own susceptibility because they don’t have extensive online financial transactions with the public,” Norfleet explains. “But if any personal information about employees—from heath care to personal identification details—is housed online and a server is breached, you have an issue. Even a website creates additional exposure. Essentially, anywhere you store and exchange information can become a potential weak spot.”

And that means every business is vulnerable. In response, Starr has created a new Security & Privacy Risk Response product geared at middle-market commercial businesses and non-profits. “We’ve gone beyond simple issuance of a policy, and considered the very-real implications of a security breach,” Norfleet says—including tools for avoiding an incident in the first place, but also a layer of assistance to help with the substantial aftermath.

A key element of this approach is Starr’s partnership with eRisk Hub, which provides clients with a Breach Coach consultation and access to an incident hotline, staffed by security experts. Additional features include loss mitigation services, cyber security news and education, security assessments and access to leading security experts. “Eluding a breach is the obvious ideal,” Norfleet says. “But if an incident does happen, we want to make sure we’ve done everything we can to provide immediate protection while also helping the client manage and learn from it in the long run.”

UNDERWRITING: Up to $15 million primary or excess limits capacity. Coverage for both third-party loss and first-party costs, including network security and privacy liability, data breach notification and credit monitoring, forensics and investigations, business interruption, data recovery and repair, regulatory fines and penalties and extortion threats. Adaptable coverage for a client’s growing business, including manuscript endorsements. Duty to defend, with minimal settlement opportunity restriction. Severability of conduct exclusions for non-Executive Insured Persons and most favorable venue for punitive damages coverage.

MINIMUM PREMIUM: $10,000 on a standalone basis.

TARGET: Middle-market commercial businesses and not-for-profit organizations, defined as $15 million-$400 million in revenue. Focus industries include architects and engineers, construction, energy/utilities, environmental, hospitality, manufacturing, independent medical practitioners, professional service firms, real estate, technology and wholesalers. Excluded classes include payment processing, gaming, social networking, money center banks and adult websites.

COVERAGE TERRITORY: All 50 states.

CONTACT: David Norfleet, senior vice president and chief underwriting officer; Starr Surplus Lines Insurance Company, 1 International Place, Boston, MA 02110; 617-692-5295.

Amy Skidmore is an IA contributor.