The success of a Human Resources department is measured in a lot of ways. None more important than the level of trust that the HR department has with its employees. Employees must feel as though they can trust the HR department with:
Employees will claim that they were unfairly passed over for promotion, subjected to discrimination, or terminated unjustly even if an HR department handles items 1, 2, 3, and 4 in a "best in class manner".
The same goes with item 5. No matter how hard your IT department tries to prevent a cyber-event, your company, and your employees, are a target. Every. Single. Day.
Among many other things, a cyber-event will result in a significant breach of trust with your current and past employees. That's why we believe that decision makers in the HR department should insert themselves in the Cyber Liability discussion.
Whether or not to purchase Cyber Liability is not a priced based decision. Policies are inexpensive compared to the cost of coverages like Medical or even Dental insurance. Most Cyber policies cost $8,000 - $12,000 annually for a $1.0 million limit of liability. The major hurdle to purchasing the coverage is acceptance that it can happen to you, and understanding the value that the product can bring when a cyber-event occurs. Here are some other factors to consider:
Breaches can occur anywhere
Insurable data breaches can occur on laptops, tablets, phones, thumb drives, data sites, cloud storage, printed paper, and even printers. That means that a realistic origin of a major data breach could be something as simple as leaving a smart phone in a taxi, a manila folder containing sensitive documents in a seat back pocket in an airplane, or a laptop computer in a hotel room.
Current and past employees will demand action and answers
Your company has legal responsibilities when the personal information of your employees is compromised, but it also has a moral obligation. Failure to move promptly when a cyber-event occurs can hurt employee morale and productivity.
A Cyber Liability policy would cover defense costs and third party damages associated with resulting litigation from a data breach. More importantly, the insurer will assemble a team of experienced professionals that will walk you through the process and ensure that you are compliant. The types of services that are included as part of your premium are as follows:
Imagine trying to form this team and find vendors for these services in real time? By the time all of those things were figured out, the "event" could be completely out of your control.
Assume that your third-party vendors probably do not have enough insurance to cover you
Most people think, "if my ________ vendor has a data breach, they will cover me because we don't store the information - they do."
This thought process could be applied to vendors providing cloud storage, HRIS systems, or medical insurer systems.
The fact is that you own the data in the eyes of the law no matter where you choose to store it. This issue led many employers to violate the law during the Anthem breach because, in California, the employers needed to report under state law - not Anthem.
Managing your data through a third-party vendor is convenient and inexpensive. These providers can offer strong passwords and SSL encryption, which some consider to be a "sufficient" level of security and makes unauthorized or unintended activity inconvenient enough. However, bad things still happen to even the most heavily guarded companies.
Look at the vendor's loss calculation this way:
200 = Your total number of current and past employees
+ 5,000,000 = The total number of people that utilize that vendor across all of their customers (Anthem had 80 million customer records)
X $221 = The national average cost per lost or stolen record
= $1.1 BILLION
This type of catastrophic event is uninsurable! The market place only has capacity to place programs with total limits of around $500.0 million. That's why it is important to purchase your own coverage and not be dependent on your vendor's limits.
New workplaces create dynamic exposures
A cyber-event would be less likely to occur if all of your employees worked within the four walls of your office, only opened emails from co-workers, didn't shop online at their desk, and never checked their social media accounts.
That's just not how work is performed in 2017. Your employees work from home, in coffee shops, in hotels, and on airplanes. They use webcams, screen sharing, tablets, and authorized and unauthorized collaboration tools that allow employees to work more efficiently and smarter. Multi-platform environments are now the norm: smart phones, thumb drives, laptops, bluetooth technology, tablets, and wireless printers. All of these items present opportunities to widen existing security gaps.
Follow this link in order to read some summaries of actual Cyber Liability claims. http://www.equityrisk.com/cyber
Liability policies are not something that HR professionals typically consider or purchase. Those decisions are almost always made by someone else. However, we encourage HR professionals to become a part of the Cyber Liability conversation.
Josh Warren - Executive Vice President - Property & Casualty
Josh Warren has more than 15 years of experience developing insurance coverage programs and specializes in the design and implementation of alternative risk finance techniques and transactional insurance products. His role focuses on client service, due diligence consulting and claims, in addition to leading the firm's Equity Risk Partners Global initiative.
Mr. Warren is a past board member for the Canadian U.S. Business Council Chicago. He also serves as the Co-Chair of the Millikin University Football Alumni Advisory Board.
Prior to joining Equity Risk Partners, he was an account executive specializing in the real estate industry at Mesirow Financial, and a sales professional at a suburban Chicago insurance agency. Mr. Warren earned an undergraduate degree in secondary education from Millikin University. He is also past co-chair of the Illinois Young Agents Committee, which was awarded the National Young Agents Committee of the Year Award in 2004.
Contact Information: email@example.com
Phone: (312) 980-7853
Michael Marcon - President, HUB International and Founder, Equity Risk Partners
Michael Marcon has more than 30 years of insurance experience, pioneering the delivery of insurance due diligence to private equity firms and specializing in alternative risk financing and transactional insurance products. Before launching Equity Risk Partners, Mr. Marcon was Executive Vice President of Aon Risk Services - Mergers and Acquisitions Group and he was instrumental in creating the Private Equity practice for Aon's predecessor company, Rollins Hudig Hall. He served as Regional Manager - Finance for Transamerica Corporation, as well as positions in Special Risk Financial and Capital Management for CIGNA Corporation.
Mr. Marcon holds an undergraduate degree in economics from Ursinus College (where he was the former chairman of the board of trustees) and an MBA in finance from Drexel University. Mr. Marcon tweets from @mcm7464 and can also be reached through his blog, Michael Marcon Tweets, where he writes about business, tradition, and life.
Contact Information: firstname.lastname@example.org
Phone: (415) 874-7101