Cyber liability insurance. Do I need to buy it? Unless your company is not using electronic data, hello, Fred Flintstone, the answer is likely yes. What types of activities make your business vulnerable to data breaches and cyber-attacks? What coverage may you typically find in a cyber liability policy? Cyber liability coverage is increasingly important for any business that uses electronic equipment to conduct its operations. That means virtually everybody.Do you do one or more of the following:• Communicate with customers via email, text messages or social media• Send or receive documents electronically• Advertise your company via electronic media, such as a website or social media• Store your company’s data on a computer network. Examples of company data are sales projections, accounting records, tax documents, and trade secrets.• Store data that belongs to others (such as employees or customers) on a computer network. This data may include customer names and addresses, customers’ credit card numbers, employees’ birth dates and social security numbers, and other sensitive information.• Sell products or services through a company websiteThese activities can help your business or organization operate efficiently. Yet, they also generate risks. Additionally, you could incur large out-of-pocket expenses to repair or restore lost or damaged data.Cyber liability insurance covers lawsuits stemming from events such as data breaches, the inability to access data, or the failure to adequately protect data from thieves. Such lawsuits are not covered by a standard commercial general liability (CGL) policy.For one thing, damage to electronic data does not qualify as property damage under a CGL policy. Why? Electronic data is not considered tangible property. Secondly, most CGL policies contain a specific electronic data exclusion. This exclusion eliminates coverage for claims “based on the loss, damage or corruption of data or the inability to use it.”Suppose that a virus invades your computer network and damages a client’s data which you have taken responsibility to maintain. Perhaps, you are the bookkeeper. As a result of the virus, your client is not able to access records needed for a loan or to document a contract. He sues you for the damage to his data. The suit will not be covered by your CGL policy. Property damage was not at issue.Cyber liability policies protect businesses against lawsuits filed by customers and other parties that result from security or privacy breaches. While these policies have been in the market for almost 20 years, there is still not a common form or policy language among the forms used by the dozens of insurers who now offer cyber liability policies. Recently, one expert in the area gave brokers who sell cyber liability a grade of C-. If those experts have a C- knowledge of the policy coverages, can you imagine what grade he would give the risk managers and business owners who buy such coverage?Virtually all of the forms are written on a claims-made basis. The claim of a data breach or other any cyber related libel or slander, invasion of privacy, or infringement of copyright and other intellectual property rights must occur during the policy period.Most of the forms provide coverage for claims asserted against you by others, known as third-party liability. Now, many cyber policies also cover various first-party expenses, which are your own damages from a cyber incident. Here are examples of the coverages that are often included (or available):• Business Income and Extra Expense covers income you lose and expenses you incur due to a full or partial shutdown of your computer system because of a cyber-attack, virus or other insured peril. This coverage differs from business income and extra expense insurance that are available under a commercial property policy.• Loss of Data covers the cost of restoring or reconstructing your data that was lost or damaged due to a virus, hacker attack or other covered cause.• Associated Costs covers costs you incur due to a data breach. Examples are the cost of notifying affected customers as required by law, and the cost of providing credit monitoring to affected customers. Often as part of these notifications, fines and penalties are imposed. These fines and penalties can be expensive and there is discussion among carriers as to the rationality for covering such “damages” as they are intended as punishment or a deterrence to others. Such costs are historically not insured. In the event of a breach of private health information, identity monitoring is more important to those who may have had their health records exposed than is credit monitoring.• Cyber Extortion covers the costs associated with a cyber ransom threat. For example, a cyber-criminal threatens to exploit a security flaw in your computer system or shut down your system with a denial of service attack unless you pay him or her a sum of money. Normally, they demand payment in bitcoins or cyber currency.Some policies have been developed for the specific needs of technology companies while some are designed for health care organizations. Some insurers offer a range of coverages on an “a la carte” basis. This enables insurance buyers to select the coverages they need the most. Although, this can confuse the unsophisticated buyer or broker who may not select the right coverages.Your agent or broker can help you obtain cyber liability insurance. The application is likely to ask detailed questions about your firm’s computer system and how it is secured. Although, while in the past, carriers often did an audit of the security in place by prospective insureds, those are occurring less and less often. Insurers normally inquire about the following:• Firewall Does your system have a firewall?• Virus Scans Do you scan email, downloaded content or portable devices for viruses?• Responsible Person Who is responsible for network security?• Security Policy Do you have a written security policy?• Protection Software Is your system protected by anti-virus software? Do you use intrusion detection software?• Remote Access Do employees, customers or others access your system remotely? If so, what system is in place to authenticate users?• Sensitive Data What types of sensitive data (social security numbers, credit card information etc.) do you store on your computer system? Is the data encrypted?• Access Do you control access to sensitive data?• Data Controls Testing Do you periodically test your data control measures?• Data Backup and Storage Do you back up your data daily? Where are the backups located?By Keith Daniels
In the beginning, internet abuse laws were drafted to protect internet users from fraud and other types of cyber crime. Laws and policies designed to protect internet users are drafted and enforced by the FCC, or Federal Communications Commission.As the internet gained popularity, the number of reported cyber bullying cases increased dramatically. When the first cases began to appear, there was little law enforcement officers could do to punish the offender or protect the victim.In the case of Megan Meier, no charges were ever filed against the bullies who harassed her. The mother and daughter who initiated the ruse created a fictitious MySpace profile for a young man. They convinced Megan that “Josh” liked her and wanted to be her boyfriend. After a few weeks,Megan was told that Josh no longer wanted to talk to her.The constant barrage of negative comments and veiled threats, pushed Megan over the edge. Two weeks short of her 14th birthday, committed suicide. The two perpetrator’s new that Megan struggled with depression and took medication to control her condition.Internet Abuse LawsAccording to law enforcement officers who investigated the incident, for whatever crime they committed, could not be charged because there was no documented charge on the books that for what they had done. No charge existed that fit the description of what they had done. That eventually changed when the Cyberbullying Protection Law was drafted into legislation.The Cyberbullying Protection Law made it a crime to harass, stalk and bully another person, over the internet. Other pieces of legislation soon followed. Cyberstalking laws were drafted and enacted in every state of the union. Federal legislation was also enacted to protect internet users from being stalked and harassed. Special laws were also passed that were designed to specifically protect minors. Each state was responsible for drafting, approving and enforcing their own versions of the federal Internet laws.Various Types of Internet AbuseInternet abuse takes many forms. With the introduction of new forms of technology, the number of fraud and identity theft cases skyrocketed in a few short years. In addition to major financial crimes, the internet created the perfect medium for the production and sale of child pornography. The inclusion of the internet into public schools taught children how to navigate the world wide web.As students became more proficient in the use of computers, bullies began to use the internet to stalk and harass their victims. For a bully, the internet was the perfect medium in which to operate. They could come and go as they pleased without leaving any physical evidence. The best part to them was that they could remain completely anonymous.Internet Abuse Laws: Cyber BullyingInternet abuse laws designed to deal with cyberbullying, must be drafted in great detail to be effective. In Megan Meier’s case, the legislation came too late. However, the Foundation that bears Megan’s name continues to push for new and improved legislation that will hold cyberbullies accountable for their actions. Members of the foundation have been advocates of change to make sure with each law that gets passed, no more victims will fall through the cracks. It is their goal that for every victim has the guarantee that their bully will be prosecuted to the fullest extent of the law.Cyberbullying laws cover a variety of activities that are now considered to be illegal. The following activities are included in many pieces of legislation:
Stalking using any type of communications device
Sending threatening texts or emails over cell phones, texts, instant messaging, etc.
Harassing an individual with repeated attempts at contact either through phone calls or texts, emails, instant messaging, etc.
Soliciting sexual favors
Sending or receiving pornographic images of minors
Interacting with a minor in a sexual manner using any type of device governed by the FCC
Cyberbullying has become one of the fastest growing crimes in history. Before the internet, a bully could only harass those that were close to their location. Now with the internet as a starting point, they can threaten, harass and stalk individuals who are half a world away. There are few boundaries they can’t cross and they can do it all from the security of their own home.Individuals who are technologically savvy can hide their tracks fairly well leaving behind few traces for investigators to follow. Those who are exceptionally skilled at hacking and programming can create shields and firewalls that are difficult to crack, even with the advanced systems law enforcement agencies have access to.Internet Abuse StatisticsStatistics that detail how extensive cyberbullying really is create an incredible picture of just how wide spread the problem is. Internet stalking and harassment reports increase daily and from the looks of the numbers, there is no end in sight.
Over 80 percent of students think that cyberbullies choose to use the internet because they can remain anonymous and it is much easier for them to get away with the crime
Over two thirds of the teens surveyed believe that cyberbullying is becoming a serious problems that needed to be investigated further
Over 40 percent of students admit to having been bullied at least once and out of those numbers at least 1 in 4 claim that it has happened more than once
Statistics have proven that girls are targeted by cyberbullies twice as often as boys
The majority of girls who are stalked on line are white
Statistics state that a person who is bullied online is 9 times more likely to contemplate suicide than individuals who aren’t bullied
Statistics show that only 1 out of every 10 children who are bullied online will report the incident to a parent, teacher or other person in a position of authority.
Cell phones are increasingly common among middle and high school students. It is estimated that almost 80 percent of students use a cell phone or other electronic device on a daily basis
Statistics shown that almost 90 percent of teens have seen or experienced bullying on a social media site such as Facebook and Twitter
Internet abuse laws target individuals who attempt to use the internet as their own personal playground. Cyberbullying and internet stalking have reached epidemic proportions, causing schools, libraries and other public places to implement anti-bullying programs to raise awareness about the dangers of surfing the internet without taking adequate precautions.Anti-bullying programs attempt to teach both parents and children safe ways to navigate the internet without becoming vulnerable to predators and cyberbullies who are capable of hacking into personal computers and other electronic devices. Programs designed to help students remain safe while surfing the web offer tips to the public to help them learn what types of online behavior is acceptable and what should be avoided.Anti-virus programs are designed to prevent hackers from installing spyware and malware on computers. Hackers attach files to emails and websites so that when a person opens the attachment or clicks on the website the malicious software is downloaded directly to their computer. These programs can take over manual operations of a laptops camera or install keyloggers that track the users every move. This allows the hacker to retrieve passwords, codes, confidential banking information as well as a variety of other types of private and personal information.