Business Protection Bulletin

The security breach of customer data at Target Corp. during the recent holiday season underscores the growing threat of cyber theft to retail businesses.

Between last November 27 and December 15, hackers stole data on up to 110 million debit and credit cards from customers of Target, the nation’s second largest discount store. The breach occurred when a virus infected the company’s point-of-sale terminals throughout the chain, compromising debit and credit cards account numbers, expiration dates, cardholder names, e=mail addresses, home addresses, phone numbers, and credit verification value – information that bad guys have used to make counterfeit credit cards.

Immediately after a third party discovered the breach, the retail giant: 1) alerted the relevant authorities and banks; 2) partnered with a forensics firm to investigate the crime; and 3) warned recent customers to monitor suspicious bank account activity, and contact the Federal Trade Commission and credit card monitoring systems portals. Said Chief Executive Officer Gregg Steinhafel, “Target’s first priority is preserving the trust of our guests, and we have moved swiftly to address this issue, so guests can shop with confidence.”

The company fended off thousands of complaints from customers about fraudulent charges on their credit cards and bank accounts, as well as dealing with a significant number of class action lawsuits alleging invasion of privacy.

Although it’s too early to put a price tag on the breach, in 2009 retailer T.J. Maxx paid $9.7 million in a settlement with 41 U.S. states over the loss of customer data after hackers stole information on 45.7 million credit and debit cards two years earlier.

The Target data breach offers a stark reminder of why your business needs to protect confidential customer information – and to carry Cyber Liability insurance.

We’d be happy to help the cause. Just give us a call.

You’re at the airport car rental counter to find a convertible for the weekend — for business, of course. “No problem,” says the sales rep. But before handing you the keys, she asks if you’d like additional Physical Damage coverage. This leaves you with a problem: Should you pay the extra money or trust your own insurance?

Your Business Auto insurance will probably pay for your liability on the business rental, but coverage for damage to the rental vehicle can be more complicated. You might be covered under your Business Auto or Personal Auto policy, or even the credit card that you used to pay for the rental, Depending on the situation, it’s also possible that none of them will pay very much.

To make things even more confusing, laws in a number of states limit your responsibility for damage to the rental – if coverage applies under any of the above, there might still be exclusions and limitations.

To help cut through this confusion, here are a few tips:

1. Rent from a reputable company. The national car rental firms tend to have standardized contracts with tested language. Local or smaller businesses often develop their own contracts, and without legal assistance it might be nearly impossible to determine exactly what you’ve agreed to.
2. When in doubt, ask. The person at the rental counter might not be sure about what coverage she’s selling, so be sure to ask to speak to someone who can clearly explain what you are and are not responsible for. If you’re unsure, walk away.
3. Talk with us before your trip. We’d be happy to explain your options.

It’s a tough marketplace and a rough economy. Corporations that everyone assumed were rock solid have suddenly been shown to be paper tigers. Could it happen to your insurance company?

A proven way to checking out the financial health of your current or prospective insurance company is to ask for its Best’s Rating. A.M. Best Co. has been rating insurance carriers since 1899. Although there other organizations offer such ratings, Best’s is still the most widely cited.

After evaluating a company’s balance sheet strength, operating performance, and business profile, Best measures it against a series of quantitative and qualitative standards. This results in the assignment of one of two types of rating opinions: a Best’s Rating (A++ to F) or a Financial Performance Rating (9 to 1).

These ratings tell whether the carrier with which you’re dealing has the size and assets to insure your business comfortably. They also allow you to see how a particular company fits with the remainder of your protection program. For example, many Business Umbrella insurers have set a minimum Best rating requirement that must apply to any other company that provides your basic coverages.

Although a strong Best rating doesn’t guarantee an insurer’s future financial performance, it provides a benchmark that policyholders can use to determine whether they’re dealing with a carrier who’s likely to be there at the time of a claim. For more information about Best’s rating system, go to www.ambest.com.

To learn how A.M. Best and other rating organizations rank the companies that insure you, and the implications of these ratings for your insurance program, feel free to get in touch with us.

“Sticks and stones may break my bones, but words will never hurt me.” Unfortunately, this saying does not hold true for your firm.

Sad to say, in today’s “litigation society,” it seems that just about any business (including yours) can be sued for any number of reasons. Consider these scenarios:

• A computer error results in the release of sensitive information about a key client.
• An overzealous employee sends a LinkedIn message criticizing a competitor.
• A security guard detains a visitor that he suspects of theft.

Each of these incidents could easily lead to six-figure litigation; and, even if you won, you’d have to deal with the time, hassle, and expense of defending the suit – as well as the potentially significant indirect costs from negative publicity.

Not to worry. Personal Injury Liability insurance will pay for any judgment, up to the amount of the policy, against your business for non-physical harm to a third party from a wide variety of causes: libel, slander, defamation of character, false arrest, malicious prosecution, wrongful eviction, or violation of privacy. (This “peace of mind” coverage is distinct from another essential policy, Bodily Injury Liability, which covers allegations of physical damage).

Bear in mind that Personal Injury Liability has a far different definition in insuring your home and auto. Under a Homeowners policy, it covers physical harm to people injured on your property or as a result of your actions. Auto Liability insurance includes two coverages –Bodily Injury and Property Damage – that, together, are known as Personal Injury Liability or Personal Insurance Protection (PIP).

Our Business insurance specialists stand ready to recommend a Personal Injury policy that provides the coverage you need, at a price you can afford. Give us a call.

The chances are that your company relies heavily on one or two people – such as a partner, operations manager, or foreperson – whose knowledge, expertise, or overall contributions are essential. If death put this person out of the picture, where would you find the financial resources to keep you up and running?

The answer: a Key Person Life Insurance policy under which your company receives all or most of the proceeds. This term can also apply to other coverages used for business continuation purposes, including: 1) Buy-Sell or Shareholder Insurance, to reimburse partners or investors; 2) Debt Protection; and 3) Revenue Protection. You can use the funds to replace lost income due to the unavailability of the key person and to recruit, develop, and train a replacement.

The policy’s cash value might be available to your business through a withdrawal or loan, if needed. You can also split the premium and death benefit between the firm and the spouse or partner of the key person to ensure that she or he receives replacement for the person’s economic value to the family (However, these premiums are not tax deductible).

What’s more, Key Person coverage provides a financial asset that enhances the creditworthiness of your company for commercial lending, by ensuring that the business will stay up and running if the key person is out of the picture.

The amount of coverage you need will vary – say, from $100,000 to $500,000 – taking into account what your budget allows versus how much the business would need to survive while you’re bringing a replacement up to speed.

As always, our agency stands ready to advise you at any time.

More and more businesses are storing data on off-site service providers (known collectively as “the cloud”) to reduce costs and boost efficiency. However, many companies either don’t realize how vulnerable this information is, or don’t have contracts that make third-party cloud providers responsible for lost, stolen, or corrupted data.

If there’s a data breach when you’re using cloud-based services, who should be held responsible? Storing software and/or databases on the servers of a cloud provider with shared infrastructure immediately eliminates many of your cyber security controls. Backing up data in multiple locations increases the likelihood that it will survive, but also raises the odds of a data breach. What’s more, shared infrastructure can leave this information exposed to malware or other computer viruses.

What about connectivity? After all, your cloud provider can’t guarantee that you’ll have access 100% of the time. If the remote server goes down or there’s a data breach, how long might it be before you’re able to restore operations? How might such an incident affect your company’s reputation, and its financial position?

An effective Cyber insurance policy can reduce these risks significantly by:

1. allowing you limit the spread of sensitive or confidential information by reacting to cyber extortion as soon as possible
2. notifying your clients that their data has been lost
3. hiring a PR firm to get out the message to clients about the measures your company is taking to prevent future breaches
4. providing the ability to set up a data center
5. reimbursing customers and clients for confidential information compromised by the breach

Our agency can help you select comprehensive coverage that can protect your data in the cloud.

If you rely on shipping your products, you could lose a bundle, unless you have freight cargo insurance. Freight carriers are legally required to carry a minimum amount of insurance (“carrier liability”) of 10¢ per pound, and this total liability can be no higher than the invoice value of your shipment. Check with your carrier(s) for specific information on coverage, deductibles, and claims management.

Because your goods will probably be worth far more than these limits and freight is more susceptible to damage than smaller shipments, it makes sense to buy a freight cargo policy.

Some policies cover all modes of transit. Others only cover ocean vessels, or exclude warehouse storage. If you have separate insurance on your own warehouse, fine. If not, you’ll be vulnerable to a dangerous loophole for uncovered losses.

Anything can happen in transit from natural disasters, theft, damage, train derailment, accidents, fire, containers falling overboard, collision, to anything else you can think of. Freight cargo coverage sometimes excludes such perils as war and piracy. To learn which risks your policy does and doesn’t cover, read it carefully. For peace of mind, you can also take out “all risk” coverage (by paying a higher premium).

Bear in mind that freight cargo insurance covers only damage or loss to the goods transported, it will not reimburse you for lost time, labor, or shipping costs.

If you suffer a loss, file with a claim with your freight carrier and insurance company as soon as possible, preferably within 24 hours.

Because prices and coverages of freight cargo policies vary widely, our insurance professionals would be happy to help you shop for the best value. As always, we’re here to help.

No matter how prepared you are – or believe you are – you can still suffer a cyber-security breach. What you do next can have a profound impact on the reputation of the business, customer loyalty, employee morale, and, ultimately, your bottom line.

An effective communication strategy should follow these guidelines:

1. Notify key regulatory and legal authorities as soon as possible, unless this might impede a criminal investigation. Even if notification isn’t required by law, it’s an important courtesy.
2. Make sure that staff roles and responsibilities for communicating the breach are outlined and understood clearly.
3. Tailor the notification process to the audience – high-value customers, senior employees, or individuals who might particularly vulnerable (such as the elderly, the disabled, and minors) and to the nature of the breach; handle the theft of confidential client information differently than stealing employees’ Social Security numbers.
4. Have legal counsel review the method and content of all communications.
5. Prepare for media inquiries to deliver a clear message for parties affected directly or indirectly. Be sure that your spokesperson is qualified and trained to deal with the media.
6. Provide ways for victims of the breach to ask additional questions and/or learn how to minimize potential harm.
7. Test the plan: If you had to execute it, how well did it work, and how did you update it? Many businesses have discovered holes in their response plans after failing to consider the impact of a cyber security breach on daily operations, or underestimating the attention the event drew.

To learn more about spreading the word after a data breach, please get in touch with us.

According to the U.S. Chamber of Commerce, crime, from burglary and shoplifting to fraud and embezzlement, plays a role in up to 30% of business failures. To help protect your company (and keep your insurance costs under control), use this checklist:

Employees:

• Do background checks on all applicants
• Train employees on safe opening and closing procedures
• Instruct them on what to do in case of robbery, make it clear that they should never endanger themselves by trying to protect money, property, or other valuable items.

Money:

• Keep the amount of onsite cash to a minimum. Make bank deposits daily and vary your time and routes to and from the bank
• Skim cash drawers throughout the day to ensure that large amounts of cash are not kept in the registers
• Check cash register receipts against your deposits daily to reduce the threat of employee dishonesty
• Immediately mark any checks received as “For Deposit Only.”

Property:

• Make sure that all doors are locked during non-business hours
• Keep rear doors locked from the outside at all times by installing panic locks. Do not use padlocks
• Keep the interior and exterior well lit during non-business hours
• Have a safe on site to store small amounts of cash, important documents, or other valuable items. Change the safe’s combination periodically
• Install security cameras throughout the property, with all entranceways and cashier areas under surveillance
• Set up a perimeter security system with appropriate signage to warn would-be criminals that the property is protected.

Our experts stand ready to review your security procedures at any time. Just give us a call.

If a windstorm, fire, or other catastrophe ravages your building, property insurance will pay for repair and rebuilding, up to the amount of coverage. But what about the cost of clearing and disposing of debris before reconstruction begins?

Your property policy provides a percentage of total coverage, often 25% of the direct loss plus 25% of the deductible,– for removing debris after a covered loss. For example, with a loss of $100,000 and a $2,000 deductible, the removal payment would come to $25,500: 25% of $51,000. If this doesn’t cover the cost, or the amount of the loss plus debris removal is higher than your coverage, the policy will pay another $10,000 per occurrence to dispose of debris. If you need additional coverage, some insurance companies will provide it through a policy endorsement, free, or for a nominal premium surcharge.Depending on the cause of loss and the degree of damage, these costs can be significant. For example, a fire might consume much of the debris, making removal largely a clean-up expense. On the other hand, if a hurricane or tornado caused the same amount of damage, clean-up might mean locating and cleaning up debris that the storm carried away from the site as well as clearing rubble from the location itself. What’s more, disposal of hazardous materials (such as asbestos tiles and chemicals) will be far more complex,– and costly,– than simply using a backhoe and dump trucks to haul the stuff off to the nearest landfill.

To learn more about this valuable coverage, just contact our agency. As always, we’re here to help you protect your business.