Breaches are up 29 percent from 2009 levels, driven by large increases reported by Government. Breaches are much more targeted with fewer organizations accounting for greater amount of breaches. Today’s threats are designed for monetization, whether that is through the theft of corporate secrets or through the acquisition and abuse of identities…*

Marsh's Communication, Media and Technology (CMT) Practice is a global leader in providing risk consulting and risk transfer solutions to organizations in the CMT sector. With a network of over 600 dedicated specialists working the thousands of clients around the globe, we harness this collective knowledge to benefit our clients. This approach has put Marsh at the forefront of industry trends to provide your firm with specialized advice and solutions designed to respond to emerging risks.

Is your company at risk?

• How would your brand be affected if confidential customer information were made public? -Is your company actively outsourcing information technology (IT) services such as “cloud computing” or Software as a Service (SaaS)?
• How much would your financial liability amount to if you passed malicious code or a virus to customers, vendors, or other business relations?
• What would your liability be if you infringed on another’s trade/service mark or brand?
• Do you actively manage your social networking exposure? Do you sponsor public blogs, or use Facebook or Twitter?
• Does your company have credit card transactions online and are the security features adequate?

Gaps in Existing Insurance Programs

Traditional insurance polices do not provide adequate protection. -Errors and Omissions (E&O): Broadly worded E&O policies are often tied to “professional services” and may have a requirement that there be an act of negligence.

• Commercial General Liability: Advertising Injury/ Personal Injury has potential exclusions/limitations in web advertising
• Crime: Requires intent and only covers money, securities, and tangible property
• Kidnap and Ransom: No coverage without a “cyber-extortion” amendment
• Property: Data is not considered property

Coverage Overview

Network Security Liability
Liability to a third party as a result of a failure of your network security to protect against destruction, deletion, or corruption of a third party’s electronic data, denial of service attacks against internet sites or computers, or transmission of viruses to third party computers and systems.

Privacy Liability
Liability to a third party as a result of the disclosure of confidential information collected or handled by you or under your care, custody, or control. Includes coverage for your vicarious liability where a vendor loses information you had entrusted to them in the normal course of your business.

Media Liability
Coverage for libel, slander, copyright infringement, and domain name related to material on the institution’s Web site or off-line publications.

Crisis Management and Identity Theft Response Fund
Expenses to comply with privacy regulations, such as communication to and credit monitoring services for affected customers. This also includes expenses incurred in retaining a crisis management firm for a forensic investigation or for the purpose of protecting/restoring your reputation as a result of the actual or alleged violation of privacy regulations.

Cyber Extortion
Ransom or investigative expenses associated with a threat directed at you to release, divulge, disseminate, destroy, steal, or use the confidential information taken from the insured, introduce malicious code into your computer system, corrupt, damage, or destroy your computer system, or restrict or hinder access to your computer system.

Network Business Interruption
Reimbursement of your loss of income and/or extra expense resulting from an interruption or suspension of computer systems due to a failure of network security to prevent a security breach. Includes sub-limited coverage for dependent business interruption.

Data Asset Protection
Recovery of costs and expenses you incur to restore, recreate, or recollect your data and other intangible assets (i.e. software applications) that are corrupted or destroyed by a computer attack.

The Marsh Approach

• Placement of coverage is the last step in the process
• Insurance is never a valid alternative to good risk management
• Similarly, relying upon technology as some mythical “silver bullet” that will defend against all risks is to turn a blind eye to major risks facing every commercial entity

• Marsh’s approach to the privacy and cyber risks combines elements of assessment, remediation, prevention, education and risk transfer

*Source: 2010 Rotman – TELUS Joint Study on Canadian IT Security Practices