Computer-Related Crimes on the Rise: Is Your Business Insurance Keeping Up with the Criminals?

According to the Department of Justice and the Federal Trade Commission, the nation’s computer fraud problem is increasing on a yearly basis. Those using computers to perpetrate their crimes have introduced the business community to a plethora of risks that are typically uninsured by traditional insurance policies. However, there are several insurance products designed to protect against the risks posed by those intent on using computers to carry out their crimes.

One such risk involves the loss of property resulting from computer fraud. The Department of Justice generally defines computer fraud (or Internet fraud) as any type of scheme that relies on the Internet to present fraudulent transactions, or to transmit the proceeds of fraud to others connected with the scheme. Such schemes often use chat rooms, e-mails, message boards, and Web sites to perpetrate the fraud.

Funds transfer (or wire transfer) fraud is another type of computer fraud which may result in significant losses to a business. Although a computer is not necessarily required to execute a fraudulent transfer of funds, a common scenario involves the transmission of an electronic instruction to a bank which appears to have been given by a company’s authorized representative, when the instruction was in fact sent by someone else without the company’s knowledge or consent. In these cases, a fraudulent e-mail may have been sent to the financial institution or the perpetrator may have fraudulently gained access to a company’s online banking account.

A typical crime insurance policy may provide coverage for losses resulting from these kinds of computer fraud. Additionally, since an estimated 75% of employees reportedly steal from their employers, a business may increase the scope of protection afforded by a crime policy if employee theft coverage is also obtained.

In addition to these typical coverages, products aimed at specific computer-related risks may also be obtained. For example, if a business relies on electronic data, computers or networks to support its critical operations, it may be especially vulnerable to computer-related criminal activity. In such instances, a business should be insured against any criminal activity which constitutes a denial of service attack, which jeopardizes the ability to protect sensitive client data, or which otherwise causes network damage, such as unplanned network interruption or electronic infection.

If a business stores sensitive information, then insurance may be obtained to protect against security breaches resulting in privacy injuries, such as identity theft. Insurance may also help cover the often substantial cost of complying with security breach notice laws, which may require notice to those individuals affected by a breach of security involving their non-public, personal information.

For those seeking comprehensive coverage for many of the risks faced by those businesses relying on computers and networks, various insurance products offer protection against privacy injury liability, security and content injury liability, qualifying professional liability, extortion, and network loss. Some policies even provide business interruption coverage for network dependent income.

Given the variety of products in this market, a comprehensive risk analysis must be undertaken to determine the precise risk in any particular situation and to avoid duplicate coverage or gaps in coverage. Failing to understand the risk may lead to a policy that does not adequately address the risk.

Those dependent on computers and networks for the continued and successful operation of their business face developing and sophisticated computer-related risks to their bottom-line. However, the right insurance policy can go a long way toward neutralizing the threat.

If you would like more information about insuring against crime, including computer fraud, please contact us.

The Downside and Economic Risk of Email, Web and Other Digital Communications

The ease with which a brick and mortar business can transform into an e-commerce operation, at least to some degree, can be startling. What was once accomplished face-to-face is now done virtually. What was once kept in a filing cabinet is now stored on electronic databases. Pens and stamps have been replaced by PINs and clicks. In the blink of an eye, even those who swore they would never do business in the cyber-world are now making considerable efforts to expand their business by establishing a virtual presence.

Even those who do not consider their business to be a typical online operation are finding that more and more of their processes are being done electronically. Those who would readily dismiss the suggestion that their operation is technology-based routinely rely on the Internet, email, computers, networks, databases, online storefronts, and even their own websites to conduct and expand their business.

Since such a transformation in business practices often leads to new liability and damage exposures that were previously nonexistent, it is not uncommon for businesses to find that they have outgrown their insurance coverage. This is understandable since those charged with managing risk typically focus on the traditional exposures ordinarily covered by an organization’s general property and liability insurance policies. Unfortunately, in the context of risks associated with the use of technology in commerce, these policies do not offer the protection required to keep pace with developing business practices.

The risks associated with the use of technology in commerce can be significant, and if they are not properly mitigated and insured against, the consequences may be devastating. Thus, it is important for every business to conduct an audit of potential risk exposures stemming from the use of technology.

A business may be exposed to unique risks if it:

  • Generates revenue online;
  • Advertises online;
  • Maintains a website;
  • Deals with clients, customers, suppliers, partners, etc, online;
  • Relies on computers and networks to conduct business;
  • Stores and uses valuable or confidential personal information on internal or external networks or servers;
  • Outfits its sales or support staff with portable devices, such as laptops or PDA’s; or
  • Uses a computer network to control production, inventory, delivery, etc.

Perhaps the most surprising part of this list is that an operation does not need to conform to the stereotypical dot.com image in order to be exposed to traditional dot.com-like risks. The nearly universal integration of technology into the business world means that virtually every organization faces at least some technology-based exposures.

These exposures can be broadly categorized as first-party and third-party risks. First-party risks include liabilities involving data recovery, business income, denial of service, virus or hacker sabotage, and theft of system resources. Third-party risks include liabilities involving theft or disclosure of data, damage or loss to someone else’s data, media liability for website content, privacy liability, network security, malicious sabotage, malicious virus, and administrative errors.

If one of these risks comes to pass, it can be extremely expensive. For example, many states, including Florida, New York, and California have enacted laws requiring businesses to notify their customers in the event of a breach of security involving computerized personal information, such as names, social security numbers, driver’s license numbers, and account or credit card numbers. A business that stores such information electronically is at risk of having to comply with these statutes even if the business has absolutely no online retail components. The loss of a salesperson’s laptop computer containing such information may require a business to initiate the required notice protocols, the expense of which may be debilitating.

While businesses can take steps to minimize exposures, it is unlikely that any efforts will operate to completely insulate an organization from the possibility of loss. Therefore, businesses should obtain insurance that is specially designed to meet specific operations and risks. There are many insurance products which can be tailored to match exposures to coverages. Given the scope of the risk exposure, good business judgment demands that an organization look into updating their insurance coverage to cover all of their risks, not just the traditional ones.

If you would like to learn more about how we can help you obtain the necessary insurance to cover your business, please contact us.