Why is Cyber Liability insurance important?

According to the National Cyber Security Alliance, 60% of hacked businesses, small or midsize, go out of business within six months. The vast majority of general liability policies exclude indemnity and defense for both first and third-party liability arising from: online bulletin boards, chat rooms, confidential or personal information and data-related liability. If your organization is handling personally identifiable information (PII) of employees, customers or vendors (either in paper format or digitally) consider developing best practices for risk transfer procedures in collecting, handling, storing and destroying PII.

​

Another hot topic to discuss which as the potential to be covered on a Cyber Liability or Crime policy is Social Engineering which is a manipulation tactic where attackers exploit human psychology. Through deception, trust-building, or urgency, the bad actor tricks people into revealing sensitive information like passwords or granting access to systems (i.e. willful departing).​ It often involves phishing emails, pretexting (impersonation), or baiting with enticing offers, bypassing technical defenses by targeting the "human firewall."​

​

It's critically important because it accounts for nearly all cyberattacks (up to 98%), succeeding where tech fails due to peoples natural tendencies to trust or react emotionally, making awareness training essential for security.

​

Due to recent HUD regulations, many real estate owners, managers, and board members should be ultra-sensitive in managing online chat rooms and forums for their respective communities.  Successful management avoids allegations/lawsuits claiming harassment, discrimination, libel and slander which a standard, general liability policy rarely covers.

​

Claims Example:

Several condominium owners discovered that their tax returns had been filed fraudulently. After further discussion and investigation, they discovered that the breach occurred via the property management portal (third-party vendor) which resulted in the release of several hundred resident's personally identifiable information. As a result, several residents decided to file suit for damages against the association and vendor.

 

Unfortunately for the association, their property management vendor contract did not indemnify or defend the association for data breaches and the association's general liability insurance included "confidential and personal information" exclusions. The association ended up paying over $95,000 in costs to defend and indemnify the impacted residents out of pocket.