Security and Privacy Liability Insurance protects the insured from loss due to a security failure or privacy event.  Security Failure is defined as:

(1) a failure or violation of the security of a Computer System including, without limitation, that which results in or fails to mitigate any unauthorized access, unauthorized use, denial of service attack or receipt or transmission of a malicious code;

(2) physical theft of hardware controlled by a Company (or components thereof) on which electronic data is stored, by a person other than an Insured, from a premises occupied and controlled by a Company; or

(3) failure to disclose an event referenced in Sub-paragraphs (1) or (2) above in violation of any Security Breach Notice Law.

“Security Failure” includes any such failure or violation, resulting from the theft of a password or access code from an Insured’s premises, the Computer System, or an officer, director or employee of a Company by non-electronic means in direct violation of a Company’s specific written security policies or procedures.  

Privacy Event is defined as:

(1) any failure to protect Confidential Information (whether by “phishing,” other social engineering technique or otherwise) including, without limitation, that which results in an identity theft or other wrongful emulation of the identity of an individual or corporation;

(2) failure to disclose an event referenced in Sub-paragraph (1) above in violation of any Security Breach Notice Law; or

(3) violation of any federal, state, foreign or local privacy statute alleged in connection with a Claim for compensatory damages, judgments, settlements, pre-judgment and post-judgment interest from Sub-paragraphs (1) or (2) above.

Event Management provides coverage for costs the insured incurs as a redult of the above referenced Security Failure or Privacy Event. Loss for this coverage part is defined as:

the following reasonable and necessary expenses and costs incurred by an Insured within one year of the Security Failure or Privacy Event:

(1) to conduct an investigation (including a forensic investigation) to determine the cause of the Security Failure or Privacy Event;

(2) for a public relations firm, crisis management firm or law firm agreed to by the Insurer to advise an Insured on minimizing the harm to such Insured, including, without limitation, maintaining and restoring public confidence in such Insured;  

(3) to notify those whose Confidential Information is the subject of the Security Failure or Privacy Event and advise of any available remedy in connection with the Security Failure or Privacy Event, including, without limitation, those expenses and costs for printing, advertising and mailing of materials;

(4) for identity theft education and assistance and credit file or identity monitoring;

(5) for any other services approved by the Insurer at the Insurer’s sole and absolute discretion;

(6) to restore, recreate or recollect Electronic Data; or

(7) to determine whether Electronic Data can or cannot be restored, recollected or recreated.

Provided, however, Loss shall not include compensation, fees, benefits, overhead or internal charges of any Insured.

Media Content Insurance- protects the insured for any Wrongful Act during the gathering, collection, broadcast, creation, distribution, exhibition, performance, preparation, printing, production, publication, release, display, research, or serialization of material, which results in:

(1) infringement of copyright, title, slogan, trademark, trade name, trade dress, mark, service mark, service name, infringement of domain name, deep-linking or framing, including, without limitation, unfair competition in connection with such conduct;

(2) plagiarism, piracy or misappropriation or theft of ideas under implied contract or other misappropriation or theft of ideas or information; including, without limitation, unfair competition in connection with such conduct;

1. invasion, infringement or interference with rights of privacy or publicity, false light, public disclosure of private facts, intrusion and commercial appropriation of name, persona or likeness; including, without limitation, emotional distress or mental anguish in connection with such conduct;

   1. defamation, libel, slander, product disparagement or trade libel or other tort related to disparagement or harm to character or reputation; including, without limitation, unfair competition, emotional distress or mental anguish in connection with such conduct;

   2. wrongful entry or eviction, trespass, eavesdropping or other invasion of the right to private occupancy, or false arrest, detention or imprisonment or malicious prosecution; including, without limitation, any emotional distress or mental anguish in connection with such conduct;

   3. negligent or intentional infliction of emotional distress, outrage or prima facie tort in connection with Material; or

   4. Loss because a third party, which has no ownership relationship with any Insured, acts upon or makes a decision or decisions based on the content of the Material disseminated by an Insured or with an Insured’s permission.

Network Interruption Insurance- provides coverage for loss that occurs as a result of a security failure. Loss is defined as the below listed costs incurred within 120 days after the end of a Material Interruption (or 120 days after the Material Interruption would have ended if an Insured exercised due diligence and dispatch):

(1) costs that would not have been incurred but for a Material Interruption; and

(2) the sum of all of following, which shall be calculated on an hourly basis:

(a) Net Income (Net Profit or Loss before income taxes) that would have been earned; and

(b) Continuing normal operating expenses incurred, including payroll.

“Material Interruption” means the actual and measurable interruption or suspension of an Insured’s business directly caused by a Security Failure.

Cyber Extortion Insurance- provides coverage for the insured that the insured incurs as a result of a security threat. A security threat is defined as: any threat or connected series of threats to commit an intentional attack against a Computer System for the purpose of demanding money, securities or other tangible or intangible property of value from an Insured.

Do you read your insurance policy?  Not many people do, as they rely on their insurance brokers or agents to do the “dirty work” for them. Generally, this is not a good practice to follow when purchasing insurance, and is equivalent to purchasing a car without knowing the mileage, year and past mechanical issues of the vehicle.  Remember: your insurance policies are a contract, and it is imperative to know what exactly you are covered for and if the policy responds to the needs that led you to purchase insurance for in the first place.

While reading your insurance policy can be difficult, so much so that more than half of the states in the US have enacted “readability” laws for insurance policies, it is a task that must be done to make sure you are getting what you paid for.  Most policies have a Schedule of Forms and Endorsements page and follow the D.I.C.E model, which stands for Declarations, Insuring agreement, Conditions and Exclusions.  Once you understand the functions of each of these sections, you will be well on your way to understanding your policy and making sure you know what you are covered for.

Schedule of Forms and Endorsements Page

This page is like a table of contents for your policy, except instead of it giving the page number the form will be found on, it simply gives you the form number that is included in your policy.  This page lists the forms that are included and made a part of your policy.  Think of it as an abstract summary of your policy.

Declarations

If you don’t read any other section in your insurance policy, at the very least you want to read this.  In some ways the Declaration Page summarizes your policy.  It includes important information, such as your address and contact information, and the information of your carrier and broker, but most importantly it is explains what is insured, for how long and up to what limits.  It is incredibly important to review this page, and if anything is incorrect, bring it to the attention of your carrier or broker immediately.

Insuring Agreement

This section begins the nitty-gritty details of your policy.  It states what the insurance company is agrees to pay, up to what limits and details when the occurrence must have happened for the insurer to pay.  You will find multiple insurance agreements within the same policy, each applying to a different type of coverage.  For example, for a Commercial General Liability policy you may see COVERAGE A BODILY INJURY AND PROPERTY DAMAGE LIABILITY, followed by insuring agreement and exclusions, COVERAGE B PERSONAL AND ADVERTISING INJURY LIABILITY followed by insuring agreement and exclusions and COVERAGE C MEDICAL PAYMENTS, followed by insuring agreement and exclusions.  It is in this section that the “legal banter” begins, so you may have to read the section a couple of times before it is fully understood.

Conditions

The conditions section of your policy will be its own form and will discuss circumstances that will be applied to the entire policy.  The following are examples of certain conditions that may or may not apply to your own policy:

• The proper steps to take to cancel the policy by either the insured or the insurer

• How changes can be made to the policy

• Inspections and Surveys the insurance company has a right to do

It is important to abide by these conditions as failure to do so can lead to a denial of a claim.

Exclusions

You can find the exclusions right after the insuring agreement.  While this section is written in legal terms, it is important to understand what events and circumstances are not covered in your policy.  It is especially important to understand this because you may need insurance for something that is excluded, and therefore will need to purchase an endorsement.  

 Ultimately, you want to try to read your policy over two or three times to get the basic gist of what is covered and what is not.  You owe to yourself and the security of what is being insured to understand your policy.  If you can’t understand it after a couple of tries, give your agent or broker a call and to get an official answer.

Businesses are venturing into the digital landscape and utilizing this social media as a cheap, but typically effective marketing tool. While it may seem easy, and dare I say fun, to interact with your prospective and existing clients through this medium, there are certain situations companies should carefully navigate through, to avoid any unintended negative consequences. Even a company who exercises sound risk management practices regarding their program may encounter a situation which gives rise to a claim. A combination of risk management practices, and appropriate insurance coverage can help mitigate any costs related to unexpected claims.

If a company has any online operations, including but not limited to, having a website, transferring sensitive information digitally, accepting payment electronically, collecting/storing sensitive data regarding customer or employee personal information, purchasing a cyber policy is crucial. While cyber policies can be written to provide a broad array of coverages, they are often limited to advertising injury related only to those that originate from a company website. Depending on the coverage form selected, a lawsuit resulting from activities may not be covered under the policy.

The good news is that there are policies available, often as an additional coverage form or endorsement to a cyber policy, to protect a company for claims arising from their presence on social media. One policy example is called the Media Content Coverage policy. This policy is especially ideal for companies who aggressively use as a form of brand recognition and to disseminate content. This type of policy would protect a company against a lawsuit pertaining to the Digital Medium Copyright Act, or a suit due to libel or slander from a third party.

An example of a claim related to the Digital Medium Copyright Act would be if a company posted copyrighted material infringing on the author's sole right to said material. In an event like this, a Media Content Coverage policy would be triggered to defend the insured in such a lawsuit from a third party. One way a company can avoid such a suit is to be sure its marketing team is intimately aware of the Digital Medium Copyright Act and offer training on how to determine if a digital article is copyrighted and subject to the act. However, in the event an article slips through the editorial cracks, a Media Content Coverage policy would lessen the cost of a lawsuit.

Libel claims can arise from , even if the libelous comment did not originate from your company. Imagine the following scenario: The local flower shop, Best Flowers, actively maintains a Facebook page. A loyal, well-meaning customer comments on the page about how awesome Best Flowers is and, at the same time, says negative and untrue comments about a competing local flower shop, Amazing Flowers. If Best Flowers takes no action regarding the comments, Amazing Flowers could sue Best Flowers for damages arising out of the alleged libel. If Best Flowers has a Media Content Coverage policy, it will cover the cost of defending Best Flowers in a lawsuit.

With the marketing scene existing almost fully in the digital space, more companies are going to climb aboard the cyber band-wagon. Companies can attempt to make themselves aware of all possible situations that could lead to claims and litigation, and take steps to follow sound risk management practices, but claims scenarios can still arise. Considering Media Content Coverage is a sound idea. If you are currently engaging with a audience, but are unsure or unaware of the risk associated with it, contact ISSI for a full analysis of your risk and exposures to loss.