Cyber Liability: A Growing Concern for Contractors

  • /sites/default/files/styles/cover/public/cover/random/2017-11/cover-pic-02.jpg?h=afa3cfa7&itok=QvEihQ2y
  • /sites/default/files/styles/cover/public/cover/random/2017-11/cover-pic-03.jpg?h=452f395a&itok=o2eJpQ1X
  • /sites/default/files/styles/cover/public/cover/random/2017-11/cover-pic-04.jpg?h=d85646e8&itok=e-zcRWuw
  • /sites/default/files/styles/cover/public/cover/random/2017-11/cover-pic-05.jpg?h=eb90c5f1&itok=fmftIU1H
  • /sites/default/files/styles/cover/public/cover/random/2017-11/cover-pic-06.jpg?h=f8567693&itok=OYoPjORc
PentaRisk Insurance Services Newsletter   -   Vol 2   Issue  18   -   May  2015
 
Cybersecurity attacks have become not only more numerous and diverse, but also more damaging and disruptive. Contractors are not immune from cyber-attacks, or the costs and liabilities caused by these attacks.
 
One of the single largest cyber-attacks occurred in 2013 when hackers penetrated Target Brands, Inc.'s (Target) systems using network credentials stolen from Fazio Mechanical Services. See this link for full details: http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/. Using these credentials, the hackers were able to obtain over 40 million credit and debit card records from Target customers. The initial take was that the contractor was doing monitoring work on the systems, in respect to optimal energy usage. Further investigation revealed that the contractor was performing routine electronic billing, contract submission and project management - typical tasks for any contractor. The hackers exploited this opportunity

Contractors have a unique role and exposure in possible data breaches and cyber attacks. This is due to the fact that they are often on the ground level of all new construction projects, including the development of design specifications, building information and networking systems, security systems, and HVAC systems. Contractors and their clients are becoming more interconnected via technology. From online payment systems, to sharing of specifications and bid documents, contractors are exposed to losses that are not covered by traditional insurance.

Cyber liability insurance protects you from suits alleging breaches of private information, such as employee records, credit card information, bids, financial information and other sensitive corporate data. It provides third party coverage for damage to your customers and first party coverage for the costs to restore your data and systems following a cyber attack.

The Chart below highlights some of the key coverage provided:
3rd Party Liability (Claims Alleging...)
1st Party Liability & Expenses
Failure to prevent unauthorized access
Costs to notify affected parties via letter, and to reissue credit/debit cards
Error or omission in IT security practices and procedures
Credit remediation expenses (credit freeze, hold and watch)
Misappropriation of digital assets or personal information
Crisis management expenses and public relations expenses
Failure to prevent a Distributed Denial of Service (DDoS) attack
Lost revenues, including business interruption
Failure to prevent transmission of malicious code/malware/viruses
Costs to improve or upgrade IT security systems
Copyright, trademark, domain name, trade name, trade dress infringement
Reputational damage, including loss of customers
 
The low cost of cyber liability insurance is about the same as the fee charged by an IT recovery specialist for a few hours of time spent after a cyber attack, and monetarily eases the burden for the time necessary for you to comply with the state laws to notify affected parties. The following are some pricing indications for various sized contractors, based upon the number of employees, as well as the amount of personally identifiable information (PII) a company keeps on hand:
Employee Range
0-20
20-50
50-500
PII
0-50
20-100
50-1,000
Limits
$1,000,000
$1,000,000
$1,000,000
Deductible
$10,000
$10,000
$10,000
Annual Premium
$1,000-2,500
$2,501-5,000
$5,001-15,000

In addition to the coverages provided after an attack occurs, most cyber liability insurers contract with vendors at deeply discounted rates to determine current vulnerabilities. These vendors may be lawyers who can assist policyholders in the implementation of an incident response plan. They may also be software companies that can scan an insured's system for weaknesses in IT infrastructure. One insurer will even provide a shunning tool (i.e. firewall) for insureds with policy premiums in excess of $5,000.

You are a good candidate for Cyber Liability Insurance if:

  1. You or your employees can access your customers' systems or networks
  2. You accept credit card payments
  3. You store confidential employee records online or in unlocked file cabinets
  4. You allow remote access to your portal or systems
  5. You have not upgraded your email and systems with the latest encryption software
There are numerous insurers offering cyber liability coverage, however only a few of them have the experience and broad coverage forms needed to protect contractors. 

 

Please contact your PentaRisk Broker or Account Executive to obtain a quote. We can start the quote process with a 1-page application. Visit our website at http://pentarisk.com/

 

Category