With the evolution of Internet-based communications comes the daunting issues of worsening identity theft, electronic data exposure and other forms of cyber liability. Installing security contractors, in particular, must be aware of the dangers such threats could pose to their livelihoods and financial well-being.
Consider the myriad uses the Internet will soon provide to the alarm and communications industry. Wireless, cellular and radio (GPRS) networks will enable connecting clients to be linked to large, encrypted Internet data centers (IDC) worldwide. Real-time, two-way video will link doctors to patients, and babysitters to moms and dads. Biometric systems will integrate health records, computers, E-mail and Web site control applications, and help prevent unauthorized access by rogue employees and terrorists.
Cyber liability is something akin to an iceberg: It may be deeper than it looks. One of the most significant exposures will be “failure to protect your network.” Unauthorized access and the liability exposure will not be covered within an alarm contract “limitation of liability” due to negligence to protect a network.
Don’t Underestimate Cyber Liability
According to the FBI’s “Computer Crime Survey,” nearly nine of 10 organizations were victimized by some form of computer security incident in 2005. About 65 percent of the respondents reported they incurred financial loss as a result. Most of the attacks came by way of viruses and spyware, while more than one in five organizations said they experienced port scans and network or data sabotage.
This activity, criminal or otherwise, has caused risk managers, legislators and plaintiff attorneys to take notice — and legal action. The defense costs of the “chain of breach” can be millions of dollars depending on who is found liable. This affects any person or company interfacing with or downloading from a computer that causes damage to another computer’s data or software.
Through the years, insurance companies in response to this increased exposure have modified the property and general liability policies intending to restrict coverage in connection with loss of electronic data and liability. Prior to 1966 the definition of “property damage” was not defined (except with the insuring agreements). The result of the revised language was to stipulate that “electronic data is not tangible property,” which excludes coverage.
Exclusionary language in endorsements CG-0437 and paragraph “P” of the Commercial General Liability (CGL) policy’s Coverage A is aimed at restricting coverage for loss of electronic data. Other endorsements “per company” are also added to policies such as “electronic data liability exclusions,” “computer data exclusions,” “malicious code exclusions,” and so on.
Keep in mind that limits of coverage are following form. If it’s excluded, it’s not covered under the liability or property policies. This means no defense or indemnification!
Mitigate Your Loss Potential
Two precedent-setting law cases rendered opinions in 2003 that the alarm industry needs to be aware of to fully appreciate the gravity of cyber liability.
In Ward General Insurance Services Inc. v. Employers Fire Insurance Co., the California Court of Appeals held that data is not considered tangible property in the context of a property policy. Therefore, a loss of data would not constitute a direct physical loss. Similarly, the United States Court of Appeals for the Fourth Circuit in AOL v. St. Paul Mercury Insurance Co. also found that computer data is not tangible property under a general liability policy.
Clearly, solutions to mitigate cyber liability need to take a high priority with management. For instance, it’s vital to implement antivirus software, hub and firewall security networks. Also, consider adding a cyber liability insurance policy. Review with an insurance agent or broker the coverage and exclusions in existing general liability, professional liability, and property insurance policies.
In particular, it’s important to evaluate, identify and connect IP network liabilities and loss of property, including electronic data and tangible property exposures.