Contractors On-Site Cyber Liability
I’m a contractor; why would I need cyber liability? Construction job sites provide a great opportunity for hackers to steal your company’s data. Contractors and subcontractors share data, emails and other various files where viruses and spyware can hide.
One of the greatest exposures when it comes to cyber incidents is the loss of personal information. This often happens when hackers are able to access employee laptops, mobile devices and tablets. These devices are often targets of theft and are especially vulnerable at job sites. There’s also the invisible threat of Wi-Fi that can open up a way for hackers to access company information though unsecured networks .
Mobile devices can be a large security threat as well. Employees often have mobile access to confidential information such as customer data, architectural or engineering drawings, intellectual properties, internal employee personal data, financial business information, etc.
According to a study done by Ponemon Institute, 66 percent of employees are using unapproved mobile sites that could contain viruses and malware. Employees underestimate the risk of their mobile actions, and it’s the contractor’s responsibility to protect its data and the security of sensitive records and information. This can be done through employee training and education, as well as cyber liability protection.
In the News
I’m sure you heard about the Target cyber breach. Reports suggest that the breach affected upwards of 110,000,000 records with a claim cost of over $252,000,000 and counting. $90,000,000 of that was from insurance proceeds. As a contractor, you may think how does that affect me? Well, the cyber breach came through a HVAC contractor that Target used to monitor their refrigeration units. A phishing email was used with malware and offered the hackers a way into Target’s systems.
There are substantial financial costs involved in finding and fixing a breach. According to the Ponemon Institute, these costs are around $217 per record. It’s also now legally mandated by most states, including Illinois, that you must notify all affected parties. Cyber Liability insurance is one tool that can assist with the following breach remediation and notification expenses:
- Assist in finding and fixing the breach
- Determine the number of potentially affected individuals
- Create and mail notification to these individuals
- Provide credit-monitoring services for 365 days
- Create a call center to handle inquiries
- Provide defense in claims stemming from a data breach
- Assist with state or federal regulatory expenses
- Cover various public relations services
- Assist with computer program and electronic data restoration expenses
- Provide computer fraud coverage for loss of money or securities or other property due to unauthorized access to the computer system
- Provide funds transfer fraud coverage for loss of money or securities due to a fraudulent transfer instructions to a financial institution
(Note: This is an illustration of common cyber coverages and there are inconsistencies among policy forms. A thorough analysis of coverages should be conducted for each risk.)
It’s an unfortunate sign of the times, and one that will certainly require preventive solutions. A standard Commercial General Liability policy excludes data and technology losses, so companies often purchase a cyber policy to close the gap. Cyber Liability insurance paired with employee training and education should be critical parts of your plan to mitigate expenses associated with a cyber-attack or data breach.
The New Sheriff in Town: Cyber Liability & Contractors
Cyber & Privacy Liability: Part 1 Webcast
Cyber & Privacy Liability: Part 2 Webcast
It's Not About the Money: Sony's Cyber Attack
Modeling Cyber Exposure
ABOUT THE AUTHOR