A single security breach can trigger multiple coverages

Security breaches are becoming more frequent as businesses increasingly rely on technology to store and transfer assets and sensitive information. With each security breach, there is the risk that a lawsuit or regulatory action could damage a company’s reputation and do serious financial harm.

Some retailers and financial institutions already have faced litigation and regulatory actions, and some of these firms are now trying to hold their technology vendors and others accountable.

“Any technology provider that sells a product or service that includes a security feature is at risk of being sued,” said Jim West, senior vice president at Chubb & Son and worldwide manager of Chubb’s Information & Network Technology segment.

But West warns that many technology companies buy insurance that does not address the many exposures related to security breaches.

“Depending upon the circumstances, a single breach can trigger a variety of insurance policies, including crime, errors and omissions, employment practices liability, general liability, property and even directors and officers liability,” West said.

“With the advent of so-called ‘cyber’ policies, we are concerned that technology companies are buying insurance that addresses only one facet of the exposure,” he said. “Technology companies should take an enterprise-wide approach that includes insurance for business income, impairment of computer services, general liability, data recovery costs, privacy lawsuits, reputation injury and communications liability, and errors and omissions.”

Much has been written about “cyber” risks and the theft of information, money and identities through the Internet. Since February 2005, there have been more than 260 major security breaches involving nearly 100 million personal records, according to Privacy Rights Clearinghouse. But West warns that any organization that focuses just on its cyber exposures is not fully protected against security breaches. He advises technology companies to work closely with their agents or brokers and insurance companies to identify and address gaps in their insurance portfolio.