Phones Ring After Weather Disasters, Cyber Attacks
YOUNGSTOWN, Ohio — Growing awareness is prompting new interest in liability insurance among local businesses.
High profile national stories and changes within the industry have changed consumers’ perceptions from “I’ll worry about it when it happens” to “I need to be covered.”
Two of the more popular insurance products are cybersecurity/data breach and errors and omissions (E&O), the latter especially popular among contractors. Not too long ago, such liability policies typically were purchased only by larger companies, but smaller companies have come to realize their importance.
Cyber Insurance Is Rising in Popularity
When Equifax disclosed last month that a breach discovered in July might have affected as many as 143 million customers in the United States, it put the threat of cybersecurity on the radar at many local companies. And with October being National Cyber Security Awareness Month, insurance agents are reminding their clients that proper liability coverage is the best protection against post-breach losses.
Many local and regional groups are holding symposiums and online workshops to discuss cybersecurity. Mercy Komar, cyber coverage specialist with L. Calvin Jones & Co. in Canfield, recently addressed the Mahoning/Shenango Valley Estate Planning Professionals, telling them the biggest misperception is that attackers are primarily individuals.
“It’s rarely an individual anymore. They’re usually well formed hacking groups, almost corporationlike, and it’s automated,” Komar says. “One hospital system has reported that it’s getting hit about 1,100 times a day from people trying to get information. About 50% of businesses already have had a cyber attack, but most of them just don’t know about it and will never find out.”
With the heightened awareness, Komar has seen a 50% increase in companies getting cyber insurance quotes. Despite knowing that all businesses are susceptible to cyber attacks, some company owners still balk because of the cost.
One way to alleviate that cost is to increase the deductibles in other areas, says Stephanie Maroni, vice president of operations at James & Sons Insurance in Boardman. Companies must also assess their exposure by considering their revenues and how many client records they keep.
Companies with a few thousand records can purchase a policy with lower limits, she says. However, companies with upward of 500,000 records will want high liability coverage because it will cost more to discover the extent of their liability, remedy it and repair any damage to public perception.
Carriers are also broadening their policies and expanding their coverage. This is especially important as mobile devices such as smartphones become more common in people’s lives, Maroni says.
“We’re all carrying a phone around with us, so the exposure is greater,” she says. “These policies are only going to get more popular as hackers get smarter.”
One new development is a method where the attacker tricks the target into giving it sensitive information or even wiring money. It’s more common than computer-based hacks, accounting for more than two-thirds of all attacks by hackers, hacktivists and nation states, reports Social-Engineer.org.
Maroni says that a common ploy is an attacker who impersonates an executive-level employee within the company.
“A company may have a newer employee and the attacker phones in or sends an email disguised as an executive,” she says. “They ask the employee to make a wire transfer to another executive or a customer. The employee is defrauded and they accidentally wire the money.”
And data breaches aren’t restricted to forces outside of a company’s walls, says L. Calvin Jones’ Komar. A company’s workforce is its biggest asset as well as its biggest vulnerability, she says.
“You’ve got to have credible employees who are trained not to give out information,” Komar says. “Employees who go rogue have access to your system. I’ve seen instances where a doctor’s clerical staff was taking patient information and giving it out to a confidant who sold it on the black market.”
However, there is nothing that protects companies from human error, such as an employee accidentally attaching the wrong file to an email. But cyber liability insurance protects companies from the fallout to a degree, she says.
“We can protect you from credit card information release, personally identifiable information, digital data and nondigital data being stolen, business interruption, ransomware and computer fraud,” Komar says. “If you release information that belongs to others, we can protect you from the expenses for that and for any lawsuits.”
While policies offer different types of coverage, Komar expects them to become more standardized. Premiums depend on business type, number of employees, number of records and extent of overall exposure. She has seen local premiums range from $1,000 to $20,000 annually.
In addition to coverage, a company can protect itself by minimizing its exposure. Komar cautions against keeping unnecessary discretionary data, which include paper files sitting in a storage area. She recommends moving such files to a more secure location or shredding them.
“If I don’t need someone’s Social Security number or driver’s license information, I don’t keep it. You’re just opening yourself up for more to be taken,” she says. “Also, have your computers and printers professionally cleansed of information before you donate them to charity. Printers and copiers have data stored on them every time you make a copy.”
While many clients are aware that cyber and data breach coverage exists, they don’t always understand what it covers, says Ron Nanosky, founder of The Agent Insurance Services in Boardman. Direct costs for a data breach could be up to $80 per record, which can include items such as legal fees and technological investments. Indirect costs, such as client retention efforts and managing an organization’s reputation, can add another $150 per record.
“There are mandatory guidelines from the federal government that a company has to follow in the event of a breach,” Nanosky says. “For example, you have to inform your clients that there is a breach. That’s money in postage and labor. Just notifying your clients of a potential breach could cost thousands of dollars.”
Errors and Omissions Coverage Gains Favor
As more businesses recognize the need for cyber and data breach insurance, errors and omissions coverage is gaining popularity with contractors, Nanosky says. In the past, E&O, or professional liability insurance, was typically needed for lawyers, physicians and accountants. Now, any company that provides specialized services requires it.
E&O covers certain financial losses from the insured’s negligent acts, errors or omissions as well as defects in a product sold or installed by the contractor. If the contractor completes work but it isn’t done according to spec and needs to be redone, E&O covers any financial losses associated with rework. It also covers any financial harm that might have resulted from the contractor giving a client advice or consultation.
“If a plumbing contractor installs new plumbing for a customer, then finds out that the piping used has been recalled because of a product defect, E&O insurance covers financial losses incurred by the rework,” Nanosky says. “Similarly, it does if a heating contractor installs a boiler and, as a result of a faulty hookup to the boiler, the building is destroyed. The damage to the building would be covered under your business liability policy, but the damage to the boiler would be covered by the E&O insurance.”
About 80% of contractors are unaware of either E&O insurance or that they qualify for coverage, Nanosky estimates. One carrier that his agency works with saw a decrease in its larger commercial contractor business throughout the state of Ohio, most likely the result of fewer claims, he says. Thus, contractors who pay $10,000 to $50,000 in premiums could see a rate decrease of about 30%, he says. Nanosky recommends that his clients purchase E&O coverage with the savings.
E&O coverage can be endorsed onto a contractor’s general liability coverage and has its own liability coverage limit apart from the policy limit. The liability limit must be equal to or less than the current policy liability limit. Available limits are $100,000, $300,000, $500,000 and $1,000,000, he says.
Where once larger contractors were the only ones interested in E&O coverage, Chase Booms, vice president of Chase Agency Inc. in Boardman, says he’s seeing contractors on every level pick it up, including HVAC, plumbers and general contractors. Booms attributes the increased interested to litigation costs.
“Litigation is something that everybody gets tied up in,” Booms says. “Litigation costs are so high. The contractors would rather just buy the coverage for it. Before it wasn’t worth the price, but now it’s affordable and common.”
International Risk Management Institute Inc., based in Dallas, cites examples of claims that contractors lacking E&O coverage have faced. One building owner demanded the contractor cover the $180,000 replacement of an inadequate ventilation system, which was installed in error based on a subcontracted engineer’s miscalculation.
In another example, a design error for a warehouse resulted in a loading platform that didn’t meet its needs. The revisions added another $500,000 to the total cost, for which the contractor was held liable. Other examples range from thousands of dollars to almost $1 million for a project that required an entire building be rebuilt from scratch.
“If a contractor doesn’t have E&O coverage, they would have to do the rework at their expense, or the end user would sue the contractor to do the work,” Booms says. “In the past, larger contractors have been required to carry the coverage, but now I’m seeing it on every level. It’s built into the contract and you endorse it onto your general liability coverage, whether you pay a $5,000 or $30,000 premium.”
Booms predicts prices to remain constant over the next few years. He recommends that companies either purchase or update their E&O and cyber insurance policies and review them annually.
“One of these claims could put a small business out of business, so make sure you have it,” he says.
Copyright 2017 The Business Journal, Youngstown, Ohio.
Published by The Business Journal, Youngstown, Ohio.
CLICK HERE to subscribe to our print edition and sign up to our free daily headlines.