In the last decade, e-commerce has gone from being almost nonexistent to completely mainstream, with what seems to be an infinite number of cyber retail web sites.
Prior to the Internet, it was rare that retailers and consumers using paper catalogs would fall victim to marketing-by-mail fraud. But with the advent of Internet retail commerce, the Internet has become fertile ground for the commission of cyber fraud.
This fraud affects everyone in the e-commerce chain, and can cause catastrophic damage in the time it takes to click a mouse. For customers, cyber fraud can ruin credit scores and expose personal identification data that can result in identity theft. For retailers, who are responsible for the data of their customers that flows through the retailer’s cyberspace, damage can range from lost sales and devastation of brand reputation to regulatory fines and penalties.
How cyber fraud happens
There are numerous ways e-tailers are vulnerable to cyber crime:
- A hacker breaches a computer network and steals personally identifiable information such as names, street and email addresses, phone numbers, and credit card information. The customer’s identity may be stolen for the purpose of other fraud, costing the customer money and/or destroying his credit score.
- An e-commerce site contracts with an outside vendor to conduct all credit transactions. A hacker who compromises the network of the vendor has effectively compromised the e-tailer as well, since it is ultimately responsible for customer data.
- Click-jacking occurs when a perpetrator sabotages the e-tailer’s software code so its website re-directs the customer to other websites offering anything from competing products to pornography. The result for the retailer is lost sales and potentially critical brand damage. Additionally, customers could incur computer viruses and other damage.
- Hackers infect thousands of computers and then manipulate them to all simultaneously contact an e-commerce website. This causes a massive slowdown or shutdown at the e-tailer, and is sometimes followed by extortion. It always results in lost sales and business interruption.
- In the course of attacking a network database, a perpetrator infects an e-commerce website with a virus that subsequently infects the computers of thousands of customers. The customers bring a class action suit against the e-tailer for not preventing the spread of the virus.
Managing cyber risks
Cyber attacks are not an illusion or passing problem: Just as e-commerce is widespread today, so is cyber crime. It has become a risk of doing business, and all companies make some decision involving that risk.
Typically, companies either retain risk or they transfer it through insurance. For example, most firms have coverage for property damage due to natural disasters, or coverage for injury to third parties due to products or services.
Risk management is the practice of attempting to minimize or eliminate retained risk. In the world of cyber, the danger of loss can be reduced through firewalls, data encryption, and other IT security techniques.
But, as with all business risks, losses can still occur despite the best risk management. In cyber crime, there is an “arms race” between perpetrators of crime and preventers of systems breaches, and criminals win all too often.
It can be an intimidating field to enter, as botnets and other cyber fraud mechanisms continually evolve, becoming harder to detect. Some of the most well known retailers and e-tailers – including Sony (maker of the PlayStation), Sony Ericsson, and Target Stores – have experienced major systems breaches that compromised personal identification data.
The good news is that technology insurance exists to minimize or eliminate retained risk.
What technology insurance can cover
Though many believe that traditional insurance covers technology and Internet losses, it in fact does not. This misunderstanding leaves the vast majority of businesses vulnerable to cyber risk.
But technology insurance can partner with risk management in a number of critical scenarios. Cyber insurance can pay for:
- Legally required customer notification following a breach, as well as costs for providing customers with credit monitoring services.
- Insurable regulatory fines and penalties, and the cost of regulatory defense from lawsuits under both the Payment Card Industry and the Fair Credit Reporting Act.
- Lawsuits from customers for breaches, even if the loss occurs on a third-party vendor’s network.
- Inadvertent exposure of information governed by website privacy promises or confidentiality agreements.
- Interruption of business function caused by malware and viruses, denial of service attacks, and other causes.
- Data restoration costs when systems are compromised or data is rendered unusable.
- Cyber extortion and public relations crisis management.
- Errors and omissions in the operation of an e-commerce website.
- Stolen or lost data on paper files.
INSUREtrust has your technology insurance solution
Technology insurance doesn’t have to be expensive, but it is money well spent. The premium cost for a cyber insurance policy can range from a few thousand dollars for a $1 million policy limit to hundreds of thousands of dollars for very high policy limits. Over the past ten years, INSUREtrust has written more than $100 million in premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for any risk.