Privacy Insurance Is a Growing Market – Are Your Clients Protected?

Grey Swan,

The US has experienced a number of high-profile “cyberthreat” or privacy breach cases, including lawsuits brought against Sony and LinkedIn. Testifying before Congress, FBI Director Robert Mueller said cyberthreats will soon surpass terrorism as the country’s biggest threat. It is already a costly one: the average cost of a data breach in 2010 was $7.2 million. There is the perception that such cases simply do not happen in Canada. Most companies do not view privacy breaches or cyberthreats as a major risk because litigation has been muted thus far. These companies do not have comprehensive coverage against such risks, leaving them very much exposed.

The truth is privacy breaches are becoming commonplace in Canada; recently, Calgary-based Telvant was a target of a cyber-attack. The IT company has a hand in managing 60 percent of all gas and oil pipelines in North America and Latin America. Such attacks, says Travis Davies of the Canadian Association of Petroleum Producers, are “the new normal.” The big exposures are for small and medium enterprises, which do not have the resources or processes in place to handle a policy breach. These breaches could be covered by other, general insurance policies, but typically, they are not.

In the US, for instance, Sony attempted to claim coverage under its Commercial General Liability policies with Zurich Insurance Group. Zurich refused, claiming its policies only covered “bodily injury” or “property damage” caused by occurrences other than the type cyber-breaches Sony experienced. Companies that think they have specialized coverage under their general policies likely do not. If they do have some sort of coverage in place, they do not have the specialized breach response program that is necessary. Sony found this out only after a catastrophic breach had occurred.

Insurance companies can add real value to customers by educating them on what happens after a breach occurs. When a complaint comes in, there is an investigation by the Privacy Commissioner. Typically, what happens is the company then goes to you, the insurers, to find out if they are covered. A sophisticated privacy policy responds differently, and this is where your policies will differentiate themselves. A coordinated response is put into action:

  • Notifications
  • A lawyer or someone with specified knowledge of wording and language concerning privacy breaches is charged with sending notifications to affected parties, if needed.

  • Crisis Management Plan
  • A crisis management plan is implemented which includes:

    • A call centre for concerned and affected parties
    • Credit monitoring in place that can begin to work immediately
    • Lawyers to respond to class actions, if necessary

A crucial piece of the privacy policy puzzle, and another differentiator for insurers, is offering first party insurance. Most policies, if they cover privacy breaches at all, offer third party coverage, which deals with costs incurred through legal action. First party, on the other hand, is dedicated to handling costs that a company incurs in its response to a breach.

Privacy insurance has not gained real traction in Canada, again, because we have not seen those multimillion-dollar awards yet. Yet is the key, though, because as breaches become the “new normal,” litigation will catch up. High-profile lawsuits involving Honda Canada, Eastern Health, Sony, and other companies are ongoing and are pushing Canada toward litigation of the magnitude seen in the US. Many companies will be unprepared for the challenges they will face in responding to these events. This is an emerging market for insurers, and one that has incredible potential.

Related posts:

Grey Swan

Grey Swan provides specialized independent insurance advice delivering a focused perspective to clients that is based on the over 25 years of insurance industry, legal, and claims experience that our founder brings to the table.

Most Popular Articles

Privacy Liability And Insurance

It has become common place to see news headlines stocked with shocking revelations of cyber hacking and privacy breaches, often pertaining to hundreds of thousands of records. This article...

Fiduciary Liability Insurance

Fiduciary liability insurance is often thought of as the ugly cousin of directors and officers liability insurance. Often misunderstood and ignored, Fiduciary Liability insurance is...

5 Things Every Insurance Company Needs to Know About Privacy Insurance

The first auto insurance policy was issued in the U.S. in 1898 and offered US$5,000 of liability coverage to Dr. Truman Martin of Buffalo, New York. As the Insurance Journal remarks, “Martin would likely have...