Data is the most valuable commodity in the modern digital world. Any doubts regarding this statement are quickly dispelled by Facebook’s estimated $200 billion value. Facebook has relatively few hard physical assets apart from its massive server farms that run its network and store and maintain an equally massive data trove. The company’s valuation is a direct function of the amount of data that it holds. In the face of this reality, individuals who attempt to maintain control over their own private lives are in a losing battle. As long as organizations continue to thrive on data about their customers, individual privacy will remain a myth. Where a breach of privacy leads to a theft of an individual’s identity and other financial problems, cyber protection insurance is the solution.
Privacy is at risk from two significant sources: organizations that want individual data to market products and services to those individuals, and hackers who want that data for identity theft and other criminal purposes. Individuals can protect their own privacy by limiting the information they voluntarily post online and in response to different queries. Organizations will use sophisticated artificial intelligence algorithms to create profiles of potential customers from even the most limited amounts of information that those users post online. Hackers might target one or more individuals in an attempt to steal their data, but the greater risk to the individual, regardless of how tightly he controls his privacy, is the amount of his personal information that is held by the organizations he deals with.
Those organizations are then charged with protecting all of the data that adds to their value, and by extension their customers’ privacy rights, against cybercrime incursions. When a successful data breach does occur, they can further protect against financial losses with cyber protection insurance. Corporate insurance typically includes four components: errors and omissions (“E&O”) coverage, media liability, privacy, and network security and privacy liability. Most of the developments in organizational insurance coverage over the past ten years have been in the areas of privacy liability and network security.
Cyber protection insurance will offer reimbursement to an organization for its direct loss in value when its data is stolen, and for third-party claims against the organization from individuals whose privacy has been compromised. The cyber protection insurance market is relatively new and policies and coverages are evolving as insurers gain a better understanding of how to assess privacy and data protection risks. Many insurers also help clients to implement risk-management mechanisms and to manage losses after a breach occurs.
Sony’s experience with data breaches provides a solid example of the benefits of cyber protection insurance. When Sony’s network was first compromised in 2011, the company suffered more than $170 million in losses that were not covered by its then-existing general liability insurance policies. Sony subsequently procured cyber protection insurance that covered most or all of its $100 million in losses from a 2014 data breach.
The Sony example is telling from several perspectives. First, the value of the data and the individual user privacy that Sony collected from its PlayStation network is apparent from the magnitude of Sony’s 2011 financial loss. Second, the individuals who were part of that network likely believed that their privacy was protected, but even the most novice of hackers will understand that if a technology company like Sony is susceptible to an attack, privacy is indeed a myth. Third, cyber protection insurance is a critical component in surviving a data and privacy breach in the current interconnected environment.
Cyber protection insurance, including the insurance offered by companies like CyberPolicy, will not recover an individual’s lost privacy, but it will provide a backstop to minimize financial losses connected with any lost privacy.