COVID-19: Implications for Cyber Risk Insurance and Tech E&O Coverage and Multimedia Content Liability
New risks and challenges are presented with the social distancing policies and telework protocols that have been adopted to face the crisis generated by COVID-19. The fact that people are interacting remotely, under stressful circumstances, and overloading the technological infrastructure, compels organizations to consider how their cyber risk profile can be affected.
A great challenge is imposed when migrating from a physical environment to a virtual environment. Once companies recognize this challenge, they must take appropriate measures to mitigate the potential risk, for example, raising awareness among their employees and users about cyber threats, improving technology systems, and reviewing coverage under cyber risk insurance, errors, and technological omissions and liability for multimedia content.
Awareness and vigilance
With the increase in remote work, organizations are more susceptible to cyber-attacks, especially those that are beginning to use this type of protocol. For example, people remotely accessing the organization’s network do so through home networks, which generally use less secure hardware.
These attackers are also cashing in on people looking for pandemic information. COVID-19 has increased Phishing cases and other social engineering events, using information related to the virus as a hook.
Remote work also increases the risk due to the flexibility of security policies and procedures. To facilitate work from home, employees were able to remove printed files from the workplace or transfer confidential or sensitive information to non-secure and unencrypted storage devices, exposing this data to unauthorized third parties.
Organizations must act proactively, reminding their employees that proper digital precaution is even more critical when connecting to networks remotely. Employees have a burden in the proper management of these risks and need to perform activities such as updating systems, logging out when they are not working or using networks, following procedures for handling confidential or sensitive information, and using complex passwords.
Organizations also need to maintain a high level of cybersecurity, including testing their systems to enable them to be prepared for inevitable operational disruption. IT teams in organizations are in high demand to resolve situations arising from a sudden increase in the remote workforce.
The demand for online communication tools will increase, which may reduce the availability of the systems. The suspension or degradation of the systems will generate interruptions in operations, causing loss of benefits and additional expenses.
Insurance coverage for personal or confidential information leakage events, security incidents, and technology failures are available in the market. Several of the traditional cyber risk insurances include risk prevention and mitigation services, which can be used before or after an event.
However, with the unprecedented social distancing we are experiencing and the rapid increase in remote work, it is very likely that new events will be created for cyber claims, especially under three coverages:
- Cyber Liability
- Technological errors or omissions
- Responsibility for multimedia content
Some of the unique circumstances of the COVID-19 pandemic may limit or challenge the responsiveness of these insurances.
Cyber Liability Insurance Coverage
Most Cyber Liability Insurance includes a wide margin of coverage relevant to the current environment. This coverage includes liability for network security, liability for privacy, forensic costs, recovery and reconstruction of digital assets, costs for cyber extortion, reputation protection, business interruption, and extra expenses, system failures, contingent system interruption, and defense expenses. However, in some situations the coverage will not apply due to the exclusions or limitations of coverage included in this type of insurance:
- Infrastructure exclusion: Cyber liability insurance traditionally excludes coverage for failures in energy, gas, water, and telecommunications services (including the internet), which are not under the direct operational control of the insured.
- Limitation of voluntary shutdown/disconnection coverage: Coverage may include voluntary shutdowns or disconnections performed to prevent the spread of malware or limit damage, but not a voluntary blackout or disconnection intended to improve access to systems and their functionality.
- Limitation on the definitions of systems or networks: the key definitions should be reviewed and determine whether they affect coverage for the systems or networks owned, operated, or leased by the insured or those managed by third parties.
For more information about our Cyber Liability Insurance Policies click here.
Coverage for Technological Errors or Omissions
The Coverage of Technological Errors and Omissions is designed for events in which there is an error or omission in the provision of technology services or a failure in the performance or functionalities of a technology product. However, in some situations, coverage will not apply due to the exclusions or limitations of coverage included in this type of insurance:
- Deceptive business practices, antitrust, and consumer protection exclusions: Insurance can exclude coverage when a product or service does not meet the standards offered.
- Exclusion of personal injury or property damage: most Error and Omission insurance covers the financial loss suffered by third parties, under the premise that personal injury and property damage will be covered by liability programs, and coverage under these insurances (E&O) will only be detonated after the liability claim has been exhausted.
- Business Loss or Money Loss Exclusion: Claims arising from business losses, change in account value, and money transfers are typical exclusions for this type of insurance.
- Exclusion of redemption of prizes or coupons: promotional games, price discounts, coupons, or any other incentive granted more than the value of the contract are typical exclusions of this type of insurance.
For more information about our Errors and Omissions Insurance Policies click here.
Responsibility for multimedia content
Liability coverage for multimedia content extends to cover a wide range of acts related to the creation and publication of content (for example, information, sounds, images, and graphics). Typical coverage includes defamation or disparagement of products, generation of emotional tension, copyright infringement, violation of privacy rights, or misappropriation of names. However, some losses and damages are not covered under certain circumstances, some of the typical exclusions are:
- Deceptive business practices, antitrust, and consumer protection exclusions: Insurance may exclude coverage when a product or service does not meet the standards or performance offered.
- Exclusion of personal injury or property damage: coverage may include emotional stress or tension, but not claims related to personal injury or property damage.
- Online content posting: Coverage may only be limited to posting online and not in other formats.
Insurance Program Review
As the pandemic continues, risk professionals should work hand in hand with their insurance advisors to carefully review the language of their policies and consciously review what is and is not covered and take the necessary actions to ensure hedges will be activated in the event of a loss.
During this pandemic, it is important to understand what to protect against. If you are a business owner, it is advisable to protect your organization against a data breach. Our cyber risk insurance policies offer a wide range of coverage that adapts to every need and budget. If you have any questions, please contact us and we will recommend the best coverage option for you.
Contact our experienced insurance agents at 713-429-1790. Get in touch with us immediately so we can recommend the right coverage for your business.