While the data breach coverage provided by your Big
‘I’/Westport E&O policy is a nice feature, it is no substitute for a
stand-alone cyber liability policy. Here are the top reasons why your agency needs
cyber liability coverage. After reading
this article you should contact your Big
‘I’ state association about the Big “I” Cyber Liability Program*.Insurance agencies collect high volumes of personal
identifiable information (PII). “Everybody who has employees has cyber
exposure, but insurance agents actually have more exposures than most other
companies because they have so much PII,” says Alex Wayne, executive vice
president at A.J. Wayne & Associates, Inc.
All insurance businesses, including independent agencies,
collect a large volume of data—from credit card and bank account numbers
to addresses, social security numbers and personal health information, says
Brian Thornton, president of ProWriters.
“Criminals know this—that all the information collected at
an insurance agency is high PII,” says Laird Rixford, president of Insurance
Technologies Corporation. “They absolutely target financial industries. They’re
not going to target a bakery shop. They’re not going to target a gas station,
other than trying to go after their credit card vendor. Credit card numbers are
great, but true identity theft information is much more valuable to a thief or
criminal.”
And it’s not just about your agency, either—it’s every other
organization you partner with to sell your products. “An insurance agency deals
with a lot of carriers,” Rixford points out. “What if one of those carriers has
a breach? Technically it’s the agent’s responsibility to keep that client data
secure.”
Small agencies have less money to spend on damage
control. Contrary to popular belief, smaller businesses actually have “all
the more reason why they should buy the coverage—they don’t have the assets to
protect themselves and cover their bottom line,” Wayne says.
That applies to both protecting your business against a
security event in the first place and dealing with the fallout if an event
occurs. “The large agency or large carrier has invested the time, effort and
money to at least try to put up some security front,” Rixford says. “Smaller
agencies don’t have the money, the infrastructure, the time, the effort, the
knowledge to create a technology resistant to someone trying to attack them.
They’re vulnerable; they don’t update their patches; they don’t have security
practices in place.”
But cyber threats can infiltrate even the most secure of
systems—and smaller agencies are also less equipped to deal with the aftermath
of a breach. All but three states have cyber laws on the books, and according
to Rixford, state fines can reach anywhere from $1,000-$100,000 per incident.
In some areas, including California, every individual with leaked information
is considered a new incident that carries a minimum fine of $1,000 each.
“If you breach 500 people, that’s $500,000,” Rixford says.
“There are massive fines tied to this. Most companies, whenever they don’t have
a cyber or some kind of liability policy that covers cyber, they don’t survive.
One incident will take a business out.”
And even if an agency can handle the costs associated with
notification and credit monitoring, “the time cost involved with going through
the rules and figuring out what type of letter needs to be provided could be a
huge time drain beyond the actual dollar and cents cost,” Wayne says.
Independent agencies rely on maintaining a sparkling
reputation. If you’re selling cyber coverage to your clients, going through
the process of securing it for your own agency will give you a leg up when
making the sale.
“You’ve learned by doing,” Thornton points out. “You’ve gone
through that same analysis of what is our exact exposure? What data do we have
that would be classified as PII or PHI? What drives the sale at the end of the
day is when an agent really understands the exposure, they can really answer
the client’s questions more easily.”
Most of ProWriters’ independent agency clients initially
sought cyber coverage after already working on selling it to their clients,
Thornton says. “For most of them, as they started to sell the product to their
clients, they realized ‘Wait a minute—I’ve got that exposure too,’” he says.
“If you’re selling this to your clients, you should be taking that same
exposure seriously. The last thing you would want to see happen is you have a
breach of your own and you mismanage it or don’t have a policy.”
Beyond setting an example for your commercial clients,
having adequate cyber coverage is now necessary to ensure the trust of your
entire customer base. “Can you imagine saying, ‘As your trusted advisor who you
entrust with your entire financial future, we just lost all your information’?”
Rixford asks.
“People are very sensitive about their personal information,
and word gets around in a smaller town,” Wayne agrees. “If an agency has this type
of public relations black eye, it could be devastating. If there’s another
agency and they didn’t have this type of issue, a customer will choose that
other agency.”
Contact your Big ‘I’ state association today for more
information on getting a cyber liability quote from the Big
‘I’ Cyber Liability Program*. We
wanted to make sure getting this critical coverage was quick, easy, and
affordable for members.
* May not be available in all states.
