M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
When it Comes to Liability Coverage for Data Breaches, Security Practices Matter

When it Comes to Liability Coverage for Data Breaches, Security Practices Matter

A new lawsuit shows your clients may be required to implement basic data security practices to receive coverage from their Cyber Liability policy. That's where you come in.

Tuesday, June 9, 2015/Categories: cyber-liability

Your clients may assume if they have Cyber Liability Insurance (Data Breach Insurance), their insurance company will automatically cover their data breach costs. But that's not the case. As Consumer Affairs reports, clients still need to take basic security measures or risk that their claim won't be covered.

That's what we've learned from a recent lawsuit in California, in which one insurer sued its policyholder. Unfortunately for California hospital group Cottage Health System, its Cyber Liability Insurance carrier refused to cover the cost of a data breach on its network. The insurer sued the hospital group, claiming that it didn't take basic precautions to secure its network.

According to Naked Security, Cottage Health System committed several security gaffes by allegedly…

  • Disabling security on one of its servers.
  • Failing to encrypt patient data and health records.
  • Storing medical records in a system that was completely accessible online.

In its lawsuit, the insurer claims the hospital group failed to do even the bare minimum to secure its data, thereby violating the insurance agreement.

When Insurers Can Refuse to Cover a Data Breach Claim

Generally speaking, insurers agree to cover costs of certain claims. But in return, you or your clients must fulfill some basic security requirements.

Say you run a gas station, but fail to keep your gas pumps in good working condition and shoddy maintenance leads to a fire. Even if you have Property Insurance, your insurer might refuse to cover the claim, pointing out that you didn't follow industry standards.

The same is true for data. The Cottage Health System's lax security protocol means that the cost of its data breach may not be covered. The insurance company initially covered the data breach claim, but after realizing the company's lax approach to data security opened the doors for cyber criminals to steal data, it filed a lawsuit to get its money back.

For more information about protecting health data, see "Have Healthcare Clients? Time to Beef Up Your Data Security Practices."

When Cyber Liability Lawsuits Can Be Good News for IT Consultants

The dispute between Cottage Health System and its insurer sends a clear message: companies need to secure their IT and meet industry standards. If they have data they need to protect, they need to invest in technology that properly secures it. And they'll need to hire people like you to do the job.

While your clients may think that a Cyber Liability Insurance policy will cover them, they still need to hold up their end of the bargain. So how do you position your IT business as the solution?

Security is a growing market for IT professionals. You can capitalize on this growth by:

  • Executing more software / pen testing.
  • Staying current on the newest software and services.
  • Keeping abreast of your clients' data security requirements.

Your clients will be looking for IT consultants who are able to answer their security questions, so make sure you're prepared. To learn more about the surge in cyber security investments, read the post "More Proof that People Want to Pay You to Keep Their Data Safe."

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews


The Small Business Insurance Leader