The company is a multi-location, diverse, food services company with a retail grocery market, pharmacy, restaurant, catering and banquet services. The company questioned their cyber and privacy coverages given their growth and expansion into other businesses.
Process and Issues
Alera Group reviewed the company’s cyber policy and uncovered several shortcomings:
- There was only one named insured on the policy with no broad named insured endorsement. The company had several business entities.
- The restaurant and gift shop had no coverage as it pertained to Cyber and Privacy Liability for credit card transactions.
- First party forensic and public relations expense limits were low relative to companies of similar size.
- No business interruption for Cyber or Privacy Liability was extended to them in the event of a breach or malware issue.
The insured was unaware that Cyber and Privacy Liability exposures, in today’s world, are being pushed back to them at the point of sale. If a breach occurs on their network, and credit cards are collected at the point of sale, and they are liable for the breach, they could be responsible for a number of costs related to the breach. This could include notification costs, credit monitoring services for impacted customers, and possibly the costs incurred for setting up new accounts, new credit cards, and more.
Alera Group’s team of experts drafted a plan to fix the identified coverage gaps. This also included higher limits of liability.
The team successfully negotiated a competitive new program that expanded their coverage to include all business entities, and made the entire limit of liability available to them for items like forensic expenses, public relations expenses, notification costs, credit monitoring and liability associated with the breach, all of which previously had small sub-limits or were not covered.
The outcome was that the Alera Group team was able to avert a potential uncovered claim that could have cost the client between $100,000 and $500,000.