The challenges with cyber liability today are greater than ever. The most recent cyberattack at CDK Global was eye-opening, to say the least. It proves that any company can be vulnerable to a cyberattack. Whether it’s financial applications, email communications, sales order processing or customer relationship management systems, data is the backbone of business. The more reliant a company is on digital data, the lower its tolerance is for any interruption or corruption of data caused by cyber threats. The recent rise in high-profile cyber incidents such as computer viruses, data theft, identity theft and other cybercrimes makes it critically important to keep data secure.
Data Breach
What happens when a data breach occurs and what are the implications from an insurance standpoint? Consider these scenarios:
- Scenario 1: One of your employees opens an email that has a computer virus attached to it. The virus crashes the dealership’s computer network but not before spreading itself to everyone in its contact list, including all customers. As a result, one of your customers gets the same virus and wipes out his whole network, and now the customer is suing your dealership for damages.
- Scenario 2: A disgruntled former employee logs into your network and blocks access to the company website so you cannot access your accounts or do business. After two weeks of this, everyone is upset because they cannot operate normally, and you are losing customers by the hour. Not only have you lost customers, but you may not be able to get them back.
Coverage Lacking
What do these scenarios have in common? None of these losses would be covered under a typical business insurance policy.
Commercial general liability policies cover claims for damage to others’ property, but damage to data is typically excluded. Not only is the damage to data excluded, but damage (including bodily injury) caused by a loss of data is often excluded as well. This means the full financial impact of these scenarios would fall directly on your business. The policies that add some cyber coverage by endorsement are usually very limited in coverage too.
Times have changed, and most businesses aren’t prepared for these scenarios. Yet they are happening every day at an alarming rate with more privacy and security breach headlines in the news, and only a small portion of what is happening is reported.
Major Cyber Attacks in 2024
- February 2024: UnitedHealth RX processor Change Healthcare — Ransomware attack causing massive disruption for four weeks! They had to pay a $22 million ransom to a foreign cybercrime group.
- April 2024: Discord IT Social Media — 4 billion+ chats were harvested!
- May 2024: Ascension Health Systems — Ransomware attack that forced it to divert emergency care from some of its hospitals.
- June 2024: Rite Aid had 2.2M people affected by a data breach due to a ransomware attack.
- June 2024: CDK Global — Two cyber-attacks within 48 hours caused CDK to shut its systems down. This impacted more than 15,000 auto dealerships. Many dealerships had difficulty doing “business as usual” with their DMS completely shut down. Many dealerships had to revert to manual analog operations which impacted their ability to do business. Some dealers suffered a loss in revenue during this two-week outage. To get systems back online, CDK may have paid a significant ransom.
How to Avoid Losses
Be sure to ask your agent about coverage not only for loss of your data but also for liability for the loss of your customers’ data.
Endorsements and/or policies to cover data are readily available. There are many versions of so-called “cyber liability” policies available in today’s marketplace, and it is important to carefully review terms and conditions to make sure such a policy will do what you expect it to when needed.
You may want to consider having a security risk assessment performed by an IT professional who specializes in data security. This will help discover the strengths and weaknesses of data handling processes and fix them before something bad happens. A thorough risk assessment along with adopting best practices demonstrates that your dealership has exercised due diligence, and when properly documented, may serve as an affirmative defense when a cyber threat impacts your employees or customers. An ounce of prevention is worth a pound of cure!
Cyber Liability Policies
Cyber Liability policies can vary in both limits and costs. Typically, limits are available from 250K to over 1M. Premiums vary based on size of operation and revenues. The average premium for an auto dealership is between 5K and 6K a year. However, the premiums for dealerships can range from 3K to over 10K a year based on your exposure, liability limits and deductibles chosen.
It is important to make sure that any cyber and privacy liability policy you consider purchasing has coverage for 1st party losses such as business interruption, cyber extortion loss and data recovery costs. Your cyber liability coverage should include both data and network, regulatory defense, and media liability. In addition, your coverage should include privacy breach notification costs, cybercrime, multi-media liability and advertising injury, technology errors and omissions, court attendance costs, and crisis communication costs. E-Crime sublimit coverage should include fraudulent instruction, funds transfer fraud and telephone fraud. It is important to make sure you purchase a comprehensive cyber policy.
GADA Insurance Services has been in operation for 18+ years, serving the insurance needs of dealerships. We have seen a multitude of areas where dealerships may be costing themselves money. Cyber liability should not be overlooked. Please contact me or your P&C account executive for additional information.
Shawn Presnell
Managing Director of Insurance
(678) 428-9247 | shawnp@gada.com
Felix Jackson
P&C Account Executive
Atlanta/North GA
(770) 570-8212 | felixj@gada.com
David Crew
P&C Account Executive
Middle/South GA
(470) 303-9051 | davidc@gada.com