Data Protection (Cyber) Liability
The heart of a company is its network and IT department. Strategic data, trade secrets, financial information, personally identifiable information of employees and customers are held, processed and stored on servers accessible on the network and on mobile portable devices, such as personal digital assistants and laptop computers.
Businesses routinely outsource everything from their information technology (IT) departments to finance, accounting and human resources. Outsourcing, of course, is designed to help companies achieve cost efficiencies, save time or gain a particular area of specialized expertise. What many companies may not realize, however, is that outsourcing these operational functions potentially gives vendors access to confidential information and may open the door to a serious breach in data security.
In many industries, security and privacy (data protection) is a board room, top-10 risk facing the enterprise. “Cyber liability” is composed of two defined risks:
- Security Liability is the unauthorized access/use of a utility’s (or vendor/partner/ independent contractor) network. In 2007, the exposure increasingly involves the theft of mobile computer equipment such as a desktop server or a laptop to perpetrate data theft. It is well known that many cases involve inside employees who have trusted access into the network. Employees or trusted third parties with access into the network can steal identity information, critical business information, transmit malicious code, and participate in a denial of service attack against your network or the network of others. This risk includes paper documents, as well as electronic data.
- Privacy Liability is the violation of privacy laws or regulations that permit individuals to control the collection, access, transmission, use, and accuracy of their personally identifiable medical and/or financial information. The most serious civil and regulatory exposure surrounds personally identifiable non-public information; however there are risks associated with disclosure or theft of confidential corporate data of others.
Management of data protection risks involves brand and reputation risks, financial costs, and operational challenges.
Lockton has access to all the industry leading insurance products, as well as being a leader in advancing the scope of coverage. We have 
proprietary amendments to the policy forms, as well as a proprietary line slip for SME risks, particularly in high compliance industries. We also continuously participate in industry forums on this risk issue, as well as publish white papers on technical topics.
We also have access to a variety of legal and security professionals who can assist in designing privacy statements, improving security policies and procedures, and support post-loss where notification and crisis management expenses and decisions need to be made quickly.
In this risk area, we have specific industry expertise in:
Lockton Service
Service starts with listening. We take the time to understand your specific goals, design a program that fits your needs, aggressively negotiate coverage, and implement a service plan. You will have the same dedicated service team throughout the entire process which allows us to anticipate your needs and create accountability.
It’s all about you. As a private, family-owned company, all our Associates focus solely on you, our client, rather than public shareholders.
Long-term thinking. Clients stay with us based on our expertise, creative solutions, seamless global resources and outstanding service. Our client retention rate of 95 percent reiterates our commitment to each and every client.