By Laton McCartney
Four or five years ago, insurance carriers selling cyber-liability insurance had difficulty giving the product away. "CIOs weren't interested," Drew Bartkiewicz, vice president of cyber and new media risk at The Hartford, tells CIOZone. "They'd say, 'We have firewalls; we have encryption. What do we need cyber-liability insurance for?'"
That "what, me worry?" attitude has changed dramatically with the financial downturn, the sharp uptick in outsourcing and the influx of potentially disruptive technologies such as cloud computing, social networking and virtualization. "CIOs are starting to embrace the idea of protecting against the risk that comes about as the unintended consequence of Web 2.0 technology," Bartkiewicz says. "At the same time, data is becoming increasingly regulated, which is creating new exposures, particularly in the areas of data privacy and reputational risk."
Hartford's CyberChoice 2.09 insurance covers data privacy, e-media and Internet liability, network security, infringement of intellectual property rights and professional services. Customers can pick and choose the kinds of coverage they need and have a wide choice of providers, including Hartford; MAG Mutual, which focuses primarily on the health care industry; BBVA Compass; and Brunswick Companies.
Premium costs and policy limits vary depending on how much coverage a company buys. Compass has a $5 million policy limit, for example. Hartford's limit is $10 million.
Bartkiewicz says one of the big problems today is rogue employees who may say something derogatory in a blog. "They can publish at will, and their employer is not protected by placing its terms and conditions on its Web site. You can't hide behind conditions if something goes wrong." Case in point, notes Bartkiewicz: Louis Vuitton won $63 million last year in a lawsuit against eBay that claimed the online auctioneer hadn't done enough to prevent sales of counterfeit luxury goods.
Other major threats today include data breaches, especially those involving sensitive healthcare or financial data. "The nature of the data has an impact on the potential liability," Bartkiewicz says.
Bartkiewicz is also wary of cloud computing providers that may store data from hundreds or even thousands of customers. In the technology sector, he notes, the term aggregation usually has a positive connotation, meaning economies of scale have been achieved. "In the financial services industry, however, it's become a four-letter word." The reason: The more data that's aggregated in cloud storage, the greater the risk if the cloud provider experiences a problem.
In applying for liability and risk coverage, a company has to complete an extensive questionnaire dealing with the risk controls it has in place and the organization's potential vulnerabilities. In the past, these questionnaires were sometimes filled out by the risk manager alone. Today, however, both the CIO and the risk manager need to complete the questionnaire. "If the risk manager tells us that the CIO was too busy to work with him in completing the questionnaire or sign it, that shows us that they're not working together," says Bartkiewicz. "Those are the kinds of clients we run from."