New coverage designed for cyber-liability and privacy breaches

Armed with an initial capitalization of Cdn$10 million, Executive Risk Insurance Services is developing a new breed of insurance coverage specifically geared towards risks associated with cyber-liability and privacy breaches.In a seminar in Toronto, Executive Risk said its insurance product is being developed to tackle cyber-liability risks not often covered under traditional insurance policies. Traditional policies, for example, require damage to “tangible assets” which don’t often apply to corporate data and contain exclusions for intentional acts (such as data theft). Executive Risk said its new coverage is designed to cover first-party costs related to specific cyber-liability exposures, such as: liability (including compensatory damages to people whose privacy had been breached, as well as defence costs associated with civil or regulatory actions); fines associated with regulatory orders; and response plan ( including costs associated with public disclosure, credit monitoring and public relations efforts to mitigate damage to reputation).Other exposures to consider when it comes to coverage include direct damages to insureds (including business interruption, mitigation efforts and costs to restore lost, stolen or corrupted information).Crisis management and disclosure alone can cost a company about Cdn$200 per record, the speakers noted. Just as a point of reference, Choicepoint in the United States saw the personal records of 163,000 people exposed to criminals, and a third party contracted by CardSystems exposed 40 million credit card numbers to banks and merchants.The costs of privacy breaches popularized by recent stories in the media about Winners, Passport Canada and Bell Canada are escalating, the speakers noted. In the United States, studies suggest the liability for privacy breaches and cyber-crime have cost companies up to US$100 billion. Research by the Ponemon Institute in the United States shows Internet hackers, commonly thought to be a key source of exposure, only accounted for 4% of privacy breaches monitored in 2007. Lost laptops or other portable electronic devices such as blackberries accounted for almost half (48%) of the privacy breaches monitored.