Career Center Powered by GreatInsuranceJobs.com
In today’s 24/7 business world, companies and their customers are consuming, sharing and storing data at an unprecedented rate. This data has in fact become one of an organization’s most valuable assets, but unfortunately it can also be its most dangerous.
Most businesses are not aware of the risks associated with this information or the best ways to protect it from harm.
In addition, the use of social media and networking initiatives has brought hidden risks to businesses they never thought possible. The ownership of Internet risk is a gray area, and customers or users of Web sites that do the wrong thing can now expose companies to unseen liability—ranging from data piracy and intellectual property infringement to reputational harm and libel/slander lawsuits.
Many companies, however, are blind to these risks. Even some insurers are finding themselves behind the curve.
What’s urgently needed is an understanding of the risks posed by Web 2.0 and the development of strategies to address those risks, including new insurance products.
One big concern is whether Web-based communities will become liability breeding grounds.
Web 2.0 encompasses the social networking and social media aspects of the Internet. There’s Facebook and YouTube, niche sites, and corporate-sponsored online discussion groups.
Companies started social networking sites to connect with customers. Individuals and businesses jumped on blogs, wikis, professional networking sites, audio and video file-sharing communities, and user groups.
For companies, the data explosion means they no longer solely control their brand and message. For individuals, it means every aspect of their online personas is fair game for marketers, criminals, hackers and others.
And in virtually every corporate or individual case, there is an entity—a corporation, an organization, data processor, application service provider, e-commerce company, or networking or file-sharing service—that has legal responsibility.
How did we get to the point where this risk grew with scant understanding and minimal risk-transfer strategies?
Over the past several years, companies have been focused on e-commerce data-breach risks, such as the inadvertent or criminal disclosure of credit card and Social Security numbers. To be sure, those risks are real and continue to grow.
But Web 2.0 liability is emerging as an equal if not greater risk.
As data grows in importance, affecting everything from stock prices to consumer confidence, it has soared in value. Information thieves, black market data buyers and data brokers have swooped in. In general, the more detailed (or salacious) the information, the more valuable it is and the greater the liability.
Currently, businesses are facing three major threats:
• Data privacy breaches
• Intellectual property violations
• Media/advertising risks
Operating under the misconception that cyberspace is controlled, secure and anonymous, many people post intensely personal information about themselves.
Sites and communities of all types have vast treasure troves of detailed information, including profiles, history and behavior. They are also vast e-mail and storage repositories. It’s not hard to imagine an on-rushing wave of class-action lawsuits if this information were to be exposed.
Intellectual property violations, one of the early social media battlegrounds, continue to threaten brand identity and reputation as well as valuation. MarkMonitor, which specializes in online fraud protection, determined that online sales of counterfeit and gray-market goods will cost businesses $137 billion this year. Tiffany has sued eBay, Viacom has challenged YouTube, and the list goes on.
There are also media and advertising risks, including the dissemination of false, misleading, discriminatory or harmful information, and direct attacks on competitors.
A big problem is that the liability of such Web usage has outpaced risk-transfer strategies. Companies and the insurance industry have lagged as the risks have accelerated. Even forward-thinking, risk-focused companies are racing to catch up. While it can be done, companies and their insurers must take immediate action. Top management must understand that their company’s valuation now includes information assets, liabilities and risks.
For many companies, suggested first steps include coordinating company leadership in critical departments such as marketing, risk management, legal and information technology. Marketing and sales departments are often chiefly responsible for collecting and analyzing data. Other departments may not even be aware of the scope of the effort.
The goal is to have a clear, comprehensive picture of what data is being collected, how it’s being stored and protected, and what it’s being used for. Legal, risk management and IT experts can then collectively analyze and mitigate the risk as a united front from all angles: operational, technical and policy.
The next critical step for a company to take is a review of its existing insurance policies. General commercial liability and umbrella policies do not cover the majority of activities associated with Web 2.0 and social media liability.
Given that the landscape is evolving so quickly, it’s important to find a broker or agent with specific Web 2.0 knowledge and experience, not just general cyber-liability expertise. Finally, the broker and the company’s leadership must work together to develop a custom policy that addresses specific needs and threats.
Although each company is different, some general areas of coverage include:
• Third-party coverage for data privacy and network security liability; Internet and electronic media liability; and professional services liability.
• First-party business interruption coverage in the event of a network security breach.
• First-party cyber-extortion coverage for threats against data and identity theft.
• Intellectual property coverage for advertising and technology products.
• Reimbursement for expenses related to responding to a major privacy event, such as notification of affected parties, data privacy regulatory fines and investigation of the event by outside experts.
The Web 2.0 insurance market is fast-changing and characterized by continuous development and innovation. Insurers, agents and brokers—and their clients—need to educate themselves regarding cyber-liability insurance products in order to stay current with technology, legal and regulatory developments.
The Web has revolutionized how we live and do business. The full impact of Web 2.0 liability is still mostly unknown and litigation is just beginning.
Unlike past risks, which have been easier to identify and less fluid, Web 2.0 liability changes day to day. This nascent area offers the insurance industry the opportunity to step up and lead the effort to protect businesses from the unseen liability associated with social media and networking so that clients can explore these new business opportunities without falling victim to the hidden risks.
Art caption: