What is Cyber Liability Insurance

Document Sample
What is Cyber Liability Insurance Powered By Docstoc
					What is Cybe r Liability Ins urance?

Cyber Liability addresses the first- and third-party risks associated with e-business, the
Internet, networks and informational assets. Cyber Liability Insurance coverage offers
cutting edge protection for exposures arising out of Internet communications.

The concept of Cyber Liability takes into account first- and third-party risks. The risk
category includes privacy issues, the infringement of intellectual property, virus
transmission, or any other serious trouble that may be passed from first to third parties via
the Web.

Media exposures arise from intellectual property, defamation and invasion of privacy
claims. The intellectual property exposures, such as copyright or trademark infringeme nt,
are an unpredictable and rapidly evolving area because the law as it applies to the Internet
is not clearly defined. For example, no clear definition has been established for standards
of copyright infringement. Does a link from another site to your co ntent infringe on your
copyrights? The litigation involving Internet-based music sharing is delving into this new

Security breaches are another area of significant exposure for companies involved with
the Internet. The introduction of viruses and unauthorized access are well known
examples. Theft of data and extortion are less publicized but equally important exposure
areas. Recently, privacy issues related to e-commerce initiatives have gained national
prominence, and employee actions have beco me a significant source of security breaches.

The exposures listed above are not all inclusive, and no policy provides coverage for all
the exposures.

Cyber Risk insurance is designed for the following sectors of the e-commerce and
Internet world:

      e-Professionals - providing traditional professional services over the internet
      Information Technology (Internet) Professionals - website developers, systems/computer
       consultants, etc
      E-commerce Companies - companies existing only on the net and "clicks & mortar"
       companies, and cont ent providers such as portals, search engines and specialty
       providers of content
      Internet Advertisers - traditional organizations utilizing the internet for marketing
When do I need Cyber Liability Insurance?

Anyone with a Web site now has the legal liabilities of a publisher.

The Internet - that technological wonder of worldwide communication - has spun a whole
new “web” of liability exposures.

Creating a Web site is simple. The exposures that come with it are not. Privately owned
companies that venture onto the World Wide Web face liability exposures that are
emerging, evolving, and complex.

Commercial companies that disseminate information to the public via Web sites face the
same legal exposures as publishers, yet most have little or no concept of their resulting
legal responsibilities. Moreover, new legislation continues to create potential liabilities,
particularly in the areas of user privacy and domain name infringement.

Why do I need Cyber Liability Insurance?

For a company operating in today's high tech world, your computer network will more
than likely provide internal and external email. You will probably have your own web
site providing information about your company, its products and services with even the
possibility of e-commerce.

Traditional liability products do not address Internet exposures and the risks involved in
Internet business have blossomed with the Net itself. That is why you need Cyber
Liability Insurance.

By disseminating information to the public via a website, commercial businesses now
have some of the same exposures as publishers. These include conventional publishing
exposures such as copyright infringement, defamation and invasion of privacy, as well as
emerging exposures related to operating on the Web.

The universe of potential plaintiffs is staggering, given the number of people and
organizations that are currently surfing the Net. A potential legal action from just one of
them could be costly. In a 1999 case, a company improperly used a sports celebrity’s
name and photograph on its web site, and the celebrity sued for the “fair market value” of
his name, plus additional damages of $750,000. Clearly, the potential liability associated
with web site content is already great, still growing, and rapidly evolving.
What are some examples of actual claims regarding Cyber Liability Insurance?

Some recent examples demonstrate the wide range of technology losses from e-
commerce and Internet organizations:

      Denial of service hacking
      User posts libelous material on a bulletin board
      Webmaster uses another site's content in site development
      Theft of client's credit card numbers
      Another party's unauthorized use of your on- line content
      Introduction of a virus into a client's system
      Inadvertent release of client's confidential information
      Theft of product designs
      Extortion
      Web site design that does not function correctly
      Employee makes derogatory comments about a competitor

Professional Liability. A software developer was hired to provide special tax revenue
collection software for a state agency in the southern US. The contract amount was
approximately $11 million. The consultant failed to deliver the software in a timely
manner, resulting in a significant loss of tax revenue to the state. The state agency sued
and the trial court returned a verdict in favor of the state agency in the amount of $474
million, much of which was punitive damages. This is an example of a claim where the
consequences of an error or omission greatly exceed the value o f the work completed.

Extortion. A large, publicly traded company's entire database was encrypted by a
disgruntled employee. A ransom note read in effect: 'try to crack the code or pay me
$1,000,000 and I'll give you the password'. The company paid the $1,000,000.

An accounting firm wanted to upgrade their office desktop technology. In the process of
replacing their old computers they 'cleaned' the hard drives as the manual suggested prior
to throwing them out. A hacker recovered the discarded computers a nd restored the data
on three of the hard drives. He then threatened to disclose the financial records of the
firm's private clients. The firm bought back the hard drives from the hacker for a multi-
million dollar fee.

Hacking. Repeated denial of service attacks by a computer hacker have virtually shut
down a state's Public Access Network Computer. The attacks have overwhelmed the
computers capacity to respond to requests for an electronic handshake by sending as
many as 150 bogus requests a second.

An Internet Service Provider (ISP) was the victim of a hacker attack. The hacker planted
swastikas and racist messages on web pages while masquerading as the provider's
administrator, erased data on two computers and shut down the system. The ISP was
unable to operate for approximately 12 hours, and files created in the several days prior to
the attack were lost.
Loss of Data. A personal laptop computer stolen from a data processing center contained
the account numbers for over 300,000 credit card customers of several major issuers.

A technical instruments manufacturer had a disgruntled employee delete their entire
database. It cost the company $7.8 million in lost revenues and $2.2 million to replace the
lost data.

Shared By: