The ease with which a brick and mortar business can transform into an e-commerce operation, at least to some degree, can be startling. What was once accomplished face-to-face is now done virtually. What was once kept in a filing cabinet is now stored on electronic databases. Pens and stamps have been replaced by PINs and clicks. In the blink of an eye, even those who swore they would never do business in the cyber-world are now making considerable efforts to expand their business by establishing a virtual presence.
Even those who do not consider their business to be a typical online operation are finding that more and more of their processes are being done electronically. Those who would readily dismiss the suggestion that their operation is technology-based routinely rely on the Internet, email, computers, networks, databases, online storefronts, and even their own websites to conduct and expand their business.
Since such a transformation in business practices often leads to new liability and damage exposures that were previously nonexistent, it is not uncommon for businesses to find that they have outgrown their insurance coverage. This is understandable since those charged with managing risk typically focus on the traditional exposures ordinarily covered by an organization’s general property and liability insurance policies. Unfortunately, in the context of risks associated with the use of technology in commerce, these policies do not offer the protection required to keep pace with developing business practices.
The risks associated with the use of technology in commerce can be significant, and if they are not properly mitigated and insured against, the consequences may be devastating. Thus, it is important for every business to conduct an audit of potential risk exposures stemming from the use of technology.
A business may be exposed to unique risks if it:
- Generates revenue online;
- Advertises online;
- Maintains a website;
- Deals with clients, customers, suppliers, partners, etc, online;
- Relies on computers and networks to conduct business;
- Stores and uses valuable or confidential personal information on internal or external networks or servers;
- Outfits its sales or support staff with portable devices, such as laptops or PDA’s; or
- Uses a computer network to control production, inventory, delivery, etc.
Perhaps the most surprising part of this list is that an operation does not need to conform to the stereotypical dot.com image in order to be exposed to traditional dot.com-like risks. The nearly universal integration of technology into the business world means that virtually every organization faces at least some technology-based exposures.
These exposures can be broadly categorized as first-party and third-party risks. First-party risks include liabilities involving data recovery, business income, denial of service, virus or hacker sabotage, and theft of system resources. Third-party risks include liabilities involving theft or disclosure of data, damage or loss to someone else’s data, media liability for website content, privacy liability, network security, malicious sabotage, malicious virus, and administrative errors.
If one of these risks comes to pass, it can be extremely expensive. For example, many states, including Florida, New York, and California have enacted laws requiring businesses to notify their customers in the event of a breach of security involving computerized personal information, such as names, social security numbers, driver’s license numbers, and account or credit card numbers. A business that stores such information electronically is at risk of having to comply with these statutes even if the business has absolutely no online retail components. The loss of a salesperson’s laptop computer containing such information may require a business to initiate the required notice protocols, the expense of which may be debilitating.
While businesses can take steps to minimize exposures, it is unlikely that any efforts will operate to completely insulate an organization from the possibility of loss. Therefore, businesses should obtain insurance that is specially designed to meet specific operations and risks. There are many insurance products which can be tailored to match exposures to coverages. Given the scope of the risk exposure, good business judgment demands that an organization look into updating their insurance coverage to cover all of their risks, not just the traditional ones.
If you would like to learn more about how we can help you obtain the necessary insurance to cover your business, please contact us.