Data Defense

As your clients leverage new technologies to run their businesses, it’s important to understand the different types of attacks they face in order to secure the best coverage possible.

Technology has and will continue to change the way you and your clients do business. Businesses of all shapes and sizes rely more heavily on technology to run their operations and reach customers. As they leverage the opportunities technology provides, they also create new property and business interruption exposures. It’s important to understand the different types of attacks your clients face in order to secure the best coverage possible.

Increasing Cyber Attacks
In 2013, cyber-espionage attacks reportedly targeted the U.S. Army Corps of Engineers, nuclear weapons researchers and defense contractors throughout the U.S. In the private sector, attacks on utilities and transportation segments also increased.

Furthermore, the retail business has seen an increased number of attacks in the last few years. Target, Neiman Marcus and Michael’s all reported security breaches, leading to questions about the safety of private data and also about the ability to protect sensitive corporate information. Some of the information exposed included names, mailing addresses, email addresses, phone numbers and even customer credit and debit card numbers.

Beyond cyber-theft, there also are “denial of service” attacks whereby data processing systems are subject to large numbers of emails, inputs, etc., overwhelming its capacity and taking it offline. This prevents communication with customers or others and essentially restricting the victim from otherwise conducting business.

Risky Business
Cyber security issues can affect a company in several areas:

  • Negative financial income impact (Target said it incurred more than US$61 million in expenses in the final months of 2013 because of its breach)
  • The cost to correct the problem
  • Loss of reputation and customer confidence
  • The cost to discover and repair the breach
  • Costs to address potential lawsuits from customers, suppliers, regulatory agencies, and others.

Protecting Your Clients
You can help your clients understand whether or not they have adequate coverage by a simple analysis of how their policy defines EDP (Electronic Data Processing). EDP is made up of three components:

  1. EDP Equipment – the servers, computer terminals, monitors, laptops, etc.
  2. EDP Media – the disk drives, disks, magnetic tapes, etc., on which data is stored.
  3. EDP Data – the information stored on the media such as facts, concepts or programs.

The last component, data, is often the most challenging as it rarely takes physical form. Some important questions to ask are:

  • Is data covered or excluded?
  • What kind of special coverage limitations are being applied to it?
  • Is there coverage for loss or damage to the data without direct physical loss or damage to equipment or media?
  • Is there coverage for viruses; are the limits adequate for the exposures?

EDP Data Coverage
Affiliated FM recognizes these risks and, while our Affiliated FM proVision® policy is not a Cyber Risk policy, it does offer embedded first-party protection against many of these issues as outlined below. The policy:

  • Considers EDP media and EDP data as covered property
  • Provides coverage for data at described locations, newly acquired property, and unnamed locations subject to territorial restrictions.
  • The valuation of EDP Media and Data is the cost to replace or restore the property with other of like kind and quality, including the cost of researching, gathering and/or assembling information.
  • Additionally, there is no exclusion for virus attack that causes physical loss or damage to EDP Data—our policy covers damage to EDP Data from the malicious introduction of a machine code or instruction.
  • Coverage includes virus attacks to utilities covered under Off Premises Service Interruption and customers and suppliers covered under Contingent Business Interruption that results in a loss to our insureds.
  • Covers resultant physical damage to equipment.

The policy does not cover third-party liability items that are typically found in a Cyber Risk policy, such as:

  • Media liability
  • Data copying as the originals are still available and undamaged
  • Cyber extortion
  • Errors in programming
  • Denial of service
  • Liability for unauthorized use

We know your client’s business will continue to evolve and leverage technology in order to remain competitive and grow. In order to protect their businesses, a comprehensive approach to their exposures is necessary, including an understanding of the risks and the appropriate coverage and limits available. Affiliated FM production underwriters are available to assist in explaining and tailoring the coverage we provide to fit the first-party exposures of your clients.

For more information visit www.AffiliatedFM.com or contact your production underwriter.