Archive for June 2015
19% have Cyber Insurance, 50% expect more attacks
Most companies don’t have cyber/data breach insurance. And most think attacks are getting worse (and they’re right). But even large companies are 4 times more likely to use insurance to protect loss of physical assets than loss of data.
These figures come from a current Ponemon Institute study quoted by the national Professional Insurance Agents. (PIA) There’s a link to the study at the bottom of this post.
What do we have to do to convince businesses to protect themselves?
I think, as President of the New Jersey Professional Insurance Agents in addition to GBW Insurance, that most agents are including information about Cyber issues in their talks with clients. But the level of misinformation and ignorance at the client end is still very high.
Smaller businesses tend to assume 1) that they are not exposed, and 2) that there is adequate coverage in their basic insurance policies. #1 is a bad joke; small businesses are great targets for hackers and even better for disgruntled employees. And #2 is a fantasy.
I’m going to go write another letter to all our business clients…
Professional Insurance Agents (PIA) link to the study
The Ponemon Institute study has many other entertaining facts. For example, large publicly held companies said they would have to disclose large lawsuits or large-scale damage to physical assets, but not cyber penetration. I’d like to hear a business litigation attorney on that one.
NJ Flood Claims Reopened
Meeting yesterday with the Professional Insurance Agents of NJ, #PIANJNYConf the Commissioner of Banking and Insurance outlined the reopening of flood claims from Hurricane Sandy.
Commissioner Kobylowski said that private insurance companies servicing the National Flood Insurance Program (NFIP) have had relatively few complaints. However, there are some components of the Sandy losses that have led to a general reopening of claims.
There were approximately 75,000 flood claims in NJ from Sandy.
Of those claims approximately 7,500 involved engineering reports.
Of the those, approximately 3,500 reports were prepared by engineering companies which have been accused of mistakes or misstatements in other states.
The NFIP is offering to reopen claims as necessary to be certain that proper procedures will be followed.
Mailings to the 3,500 claimants above will go out first, followed by mailings to the remainder of the 7,500 claimants whose losses required engineering reports. And the third wave of letters will go to the remainder of the 75,000 claimants.
This is all dependent on the Federal program, NFIP, which is controlled by the Federal Emergency Management Agency (FEMA). The NJ Department of Banking and Insurance (DOBI) will monitor the actions and results from this project and provide consumer information where warranted.
The Scope of Cyber Liability And Data Breach Exposures – And Insurance
These are complicated exposures that now affect even small businesses. And the necessary insurance coverages are complex too.
Business owners must think about paper records, physical system security, and electronic data.
- It will involve their physical building locations, as well as their e-systems.
- They’ll need to know how much data they use and/or archive, as well as how many, and what nature of customers that they have.
- They must think not just in terms of the operations that they solely control, but also of the “Network” in which they are engaged.
A network is as everything and everyone that business owners allow to have some portion of access to their corporate operations, whether they are employees (on-site or remote), on-site or remote contractors, connected third parties and even connected customers. This is especially true when it comes to the use of mobile devices.
Look at how broad the term “mobile device” is, legally, now.
Mobile data includes workstations, computer terminals, internal IT operations, their websites, Facebook pages, Twitter, and other social media connections, as well as all employee connections whether through company provided devices or their own. It also includes all other connections that your customers use to and from third parties to connect to you and accomplish their work, including off- site physical and e-storage locations. It involves current, stored/backed-up and archived data, and documents and files. It is everything.
Take a few hours a year to consider the risks to which your business is exposed. Walking through that allows a business to better see what needs to be done, including insurance.
If you’d like to discuss this and other issues in cyber related insurance, or more traditional business insurance, give us a call at 800-548-2329. We are a NJ insurance agency.
Do You Allow Surfing At Work?
Why would you worry about your employees surfing the Net?
A Salary.com survey said that 64% of workers admitted visiting websites not related to work, every day while at work. 24% of those employees said they spent 5 or more hours a week on such websites. (Note that Salary.com, ironically, has a section for job searches.)
Since another survey suggests that 40% of Internet use in the workplace is not business related, I’d guess that (surprise!) people are understating how much they use your computers for non-work purposes.
Let’s just skip over how much your company’s bandwidth may be used for watching porn.
In 2012 the Federal Court of Appeals for the Ninth Circuit held that using an employer’s computer for inappropriate purposes is not a Federal crime, though one statute called that into question. You the owner may have to prove that your employee was harming your company before you can discipline/fire/jail him or her. Here’s a link to a Wall Street Journal law blog.
IT service provider IT Radix recommends that you implement Internet monitoring software to go with your anti-virus, encryption, and other defenses. It’s not insulting any more than a railing on stairs is insulting. Tell your employees what the rules are, have a written policy, and the software will remind people when they trip.
(Thanks to our client Surfernetwork for the picture of the surfboard hanging from the ceiling of their office. Surfernetwork provides live streaming of radio stations, virtual radio station support, and streaming of corporate meetings and messages. )
GT Insurance Blog 