Last year, Wyndham Worldwide Corp. was successfully sued by the Federal Trade Commission for three major data breaches the company had suffered in the past three years. The basis? Wyndham Worldwide was accused of unfair trade practices and misleading customers into believing their cardholder data was adequately protected.
That rule sounded like a clarion call to both insurance law experts, business owners and the insurance producers who work with them. The message was clear: businesses were now professionally liable for data breaches.
“The FTC has as much unfettered access as it’s ever had to regulate data security,” said Gregory Podolak, a partner with Saxe, Doernberger, and Vita, who studies and works in cyber insurance law. “The key point is that now that clients know the FTC has this authority, they will be even more concerned about having the proper coverage in place to respond and absorb this loss.”
And cyber breaches are not going away. According to data from the Ponemon Institute, two million cyber attacks occur on businesses every week, with a whopping 72% affecting small- to medium-size businesses.
Some sectors are even more at risk.
The liability stemming from these breaches translates directly to errors and omission (E&O) territory, and may be a powerful selling point when producers discuss risk with clients.
“I think the biggest challenge and the biggest area of potential growth is helping business owners understand their privacy and data risk,” said John Torvi, director of sales and marketing for Landy Insurance Group. “Whether it’s computer hacking, employee dishonesty or just dumpster diving, this is not something just big business has to worry about—it’s everybody.”
Helping clients understand data and cyber risk, particularly how it relates to their own E&O exposure, will be the next game-changer for the industry, Torvi believes.
And the best part is that specific cyber products have evolved so much in the recent years, agents will be working with a variety of policies specifically catered to the size and specific needs of clients.
“Five years ago, cyber policies had high premiums, high deductibles and was irrelevant to the small- and medium-sized business owner,” Torvi said. “That has definitely changed…the market has responded with coverage available at reasonable prices for just about every kind of business now.”
He pointed out that policies with small deductibles are available for “well under $1,000,” which provide good coverage for smaller businesses.