Technology Companies Are Exposed to Security Breach Litigation
Some Cyber Policies, By Themselves, Can Leave Gaps in Protection
WARREN, NJ, January 8, 2007 - Security breaches are becoming more frequent as businesses increasingly rely on technology to store and transfer assets and
sensitive information, such as customer names and credit card numbers. With each security breach, there is the risk that a
lawsuit or regulatory action could damage a company's reputation and do serious financial harm. Some retailers and financial
institutions already have faced litigation and regulatory actions, and some of these firms are now trying to hold their technology
vendors and others accountable.
"Any technology provider that sells a product or service that includes a security feature is at risk of being sued," said
Jim West, senior vice president at Chubb & Son and worldwide manager of Chubb's Information & Network Technology segment.
But West warns that many technology companies buy insurance that does not address the many exposures related to security breaches.
"Depending upon the circumstances, a single breach can trigger a variety of insurance policies, including crime, errors and
omissions, employment practices liability, general liability, property and even directors and officers liability," West said.
"With the advent of so-called 'cyber' policies, we are concerned that technology companies are buying insurance that addresses
only one facet of the exposure," he said. "Technology companies should take an enterprise-wide approach that includes insurance
for business income, impairment of computer services, general liability, data recovery costs, privacy lawsuits, reputation
injury and communications liability, and errors and omissions."
Much has been written about "cyber" risks and the theft of information, money and identities through the Internet. Since February
2005, there have been more than 260 major security breaches involving nearly 100 million personal records, according to Privacy
Rights Clearinghouse. But West warns that any organization that focuses just on its cyber exposures is not fully protected
against security breaches.
In March 2006, for example, a laptop containing personal information on 196,000 workers at one company was stolen from a rental
car in California. "Since the time when confidential papers were locked inside desk drawers and wall safes or otherwise hidden
from public view, the duty to protect non-public personal information has been a fundamental business principle," West said.
"But the risk of losing sensitive information has risen dramatically because of the high concentration of data that can be
stored on a computer hard drive."
West advises technology companies to work closely with their agents or brokers and insurance companies to identify and address
gaps in their insurance portfolio.
The member insurers of the Chubb Group of Insurance Companies form a multi-billion dollar organization providing property
and casualty insurance for personal and commercial customers worldwide through 8,000 independent agents and brokers. Chubb's
global network includes branches and affiliates in North America, Europe, Latin America, Asia and Australia.
|
