RiskProNet News


Claims Managers Hear From Travelers

Phishing attempts, ransom attacks and paper breaches (yes, paper) are the most common cyber and privacy claims today, speakers from Travelers told the Claims Practice Group at a recent conference call.

“Our biggest claims are from phishing attacks. Criminals are finding ways to get into email systems and there is a gold mine of boxes. They’ll set up rules to auto-forward messages to themselves and then move the messages to your delete folder. It used to be that hackers would take over the inbox and send out spam. That is less common today as they are becoming better at hiding their tracks.”

Ransom attacks, in which cyber criminals lock up or encrypt data in a company’s files, are an increasing issue for two reasons. The professional attackers are getting more sophisticated. At the same time, more amateurs are involved.

Amateurs are locking up data but are unable to encrypt it. “This is simply an act of cyber vandalism.”

Sophisticated criminal groups offer call-in numbers, chat systems and even “help desks” to assist companies in paying ransoms. Some ransom requests are as high as $10 million.

“There is a tendency to focus on electronic breaches, but paper breaches are also an issue. They have real costs and happen with frequency. Someone leaves a stack of papers out or loses a brief case. In one recent case, someone mailed a package of W-2 forms. It was sealed incorrectly and all the W-2s were missing when it reached the recipient.”

The key for an independent agent is to stress that a client needs to report a cyber breach immediately. “Cyber claims can look benign and turn out to be malicious. Time is of the essence.”

“There is a tendency of the insured to downplay the risk. It’s not so much that they want to hide it from a carrier but a misunderstanding of how bad it can be.”

“We had an attack on the email system at a small engineering company. One person told me, ‘There’s nothing wrong with my system. I had my own IT person look at it, and I’m reporting it to you out of caution.’ Relying on your IT staff to tell you that you’re fine is almost like asking someone to grade his own paper. A good IT staff should not let the breach happen in the first place.”

Travelers clients are entitled to a free call to an attorney who is a “breach coach.” “I encourage the insured to take advantage of that sort of call. It won’t cost you anything and will give you peace of mind. If it does turn out to be something, you’re able to catch it. If there’s nothing to worry about, you’ve merely wasted half an hour of your time.”

It is important to report any suspicions of unauthorized access to the system. “The free call with the data privacy attorney will let you find out whether it is a big deal.”

Both possible as well as actual breaches of security should be reported. “You don’t need actual proof – only suspicion of it. It someone has gotten into the system without authorization, let us know.”

Most policies cover the forensics costs to determine whether an actual breach occurred. “Often we’ll find that someone got into the network but wasn’t able to access anything confidential. For example, they may have accessed a grocery list but not any social security numbers.”

“We need to educate clients to include IT people in the front end of investigations so you get the IT staff on board. IT people are generalists. You don’t necessarily expect that they will be able to stop all attacks. The takeaway is for agents to encourage clients to think about this when they deliver policies.

Third-party claims for data security breaches still are rare and court rulings are divided. Some courts say that the threat of damage to a third party is not enough – that the third party has to prove that he has suffered actual harm. It’s an “unsettled” area of law.

Travelers has a hotline on its website. If the insured wants to talk to a breach coach, this is possible without it becoming an actual claim.

EPL Common Claims: Sexual Harassment, Age Discrimination and Website Accessibility

Employment Practices Liability claims for sexual harassment are increasing. “We had an average of 10 more claims per month in the last quarter than in previous months.” Plaintiffs also are asking for larger dollar amounts.

About 30 percent of all EPL claims include an aspect of sexual harassment. However, 7 percent of individuals who say they were harassed never talked to a supervisor or manager, and 90 percent never took any formal action. In the current climate, it seems likely that claims may increase.

Age discrimination claims also are resulting from recruitment ads on Facebook. Facebook allows advertisers to target age groups, and some workers over 40 have claimed they were excluded from seeing the postings.

Website accessibility complaints also are an area of concern. Websites need to be accessible to people with seeing and hearing disabilities. Lawsuits have targeted schools over their educational materials, restaurants over online menus and retailers over the online shopping process. Often one law firm will target multiple businesses with “cut and paste” lawsuits by the same plaintiffs. Although the law prohibits awards of damages in ADA lawsuits, plaintiffs’ lawyers usually can recoup legal fees. In addition, there is the cost for businesses to make their websites accessible.


RiskProNet Previous Posts
Subscribe to Member’s News