PRODUCT: Data Security Endorsement for Small Businesses
COMPANY: Liberty Mutual Insurance
BEST RATING: A (Excellent)
AVAILABILITY: Coverage is available through appointed independent agents.
FOCUS: Some 47 states have laws that require notifications and other actions after a data breach. But more than half of small businesses have experienced a data breach where private information is mistakenly or maliciously disclosed beyond authorized parties, and 72% did not notify the appropriate parties, according to a Ponemon Institute survey sponsored by Hartford Steam Boiler Inspection & Insurance Co.
As the number of cyber attacks increases, so does the number of small businesses at risk, said Bryan Grimm, senior vice president of industry practices and liability for Liberty Mutual. The carrier has long provided cyber coverage for mid-sized and large businesses, and will now fill a gap in the small business market. When a cyber attack occurs, small business owners have a battle on their hands. Restoring systems and notifying customers involves working with credit agencies, dealing with the perception fallout and asserting a legal defense. “These are items that can bury a small business,” says Paul Bi, product consultant, general liability underwriting strategy at Liberty Mutual. “Small businesses don’t have the resources to keep up.”
The scale of a cyber attack can swamp an organization, according to Liberty Mutual: Ponemon Institute reported an average cost of $201 per record to restore data for 2013, meaning a breach affecting 5,000 records could potentially cost more than $1 million.
UNDERWRITING: The coverage can endorse Liberty Mutual’s Custom Protector business owners package, monoline general liability policies and commercial business package. Clients can choose between four coverages in a variety of combinations:
Data compromise response expense: First-party coverage for expenses from a data breach, including notification, legal review, forensic information technology review, public relations services, and credit monitoring. Coverage also extends to regulatory and payment card industry fines and penalties where insurable by law.
Data compromise defense and liability (contingent on selection of data compromise response expense): Third-party liability and legal defense of a suit resulting from a breach.
Attack and extortion: First-party coverage for expenses for repairing, re-creating and restoring data and systems. It covers hiring a negotiator or cost paid in response to an extortion threat to launch a denial of service attack.
Network security liability: Third-party liability and defense for losses from a breach of confidential business data owned by a third party. The coverage also extends to the unintentional forwarding of malware.
The endorsement provides aggregate limits up to $1 million per coverage. Deductibles range from $2,500-$10,000 per coverage, depending on aggregate limit.
MINIMUM PREMIUM: No minimum premium set. Pricing varies with size of account, class and coverage.
TARGET: Retail, hospitality, contracting, professional services, manufacturing and distribution. But “almost any type of business needs this type of coverage,” Grimm says.
COVERAGE TERRITORY: All states except Hawaii and U.S. territories.
CONTACT: Michael McUne, manager, business insurance distribution; Liberty Mutual, 175 Berkeley Street, T-08, Boston, MA 02116; 857-224-1364.
Amy Skidmore is an IA contributor.