One of Kingsgate’s clients is a thriving chiropractic practice in northwest Iowa. The practice has more than 5,000 patient records on file, digitally stored on premise or with a cloud provider.
Having all the patient files stored digitally is a sign of an efficiently run practice—but it also presents an elevated risk: liability associated with the loss of patient information.
While reviewing the chiropractor’s insurance needs, Kingsgate identified the potential for cyber liability if the insureds system were compromised or if their cloud provider experienced a breach. The client was unaware that a standard commercial general liability policy would not cover a cyber breach.
A Critical Coverage Gap
A general liability policy pays for property damage or bodily injury. “Property damage” is defined as:
- Physical injury to tangible property, including the loss of use of the property that occurs occur at the time of the physical injury; but
- Electronic data is not considered tangible property. A general liability policy does NOT cover liability associated with holding the data of others.
Many business owners feel as though they don’t need cyber liability because they hire someone else to process their transactions or store their data. This is a common assumption, but this assumption proves to be inaccurate in most circumstances.
When a business owner signs an agreement with a third-party tech service provider, that agreement typically includes a hold harmless provision. That provision will generally do one of the two things:
- Absolves the provider of all liability associated with the customer’s data, or
- Includes a liquidated damages clause that dramatically minimizes the actual cost of the breach to the service provider and pushes the cost back onto the business owner.
In either circumstance, the outcome is bad for the business owner who signed the agreement. The business owner will be responsible for paying the costs associated with the security breach, and the standard general liability policy will not pay for those costs.
In the case of this chiropractic client, Kingsgate found a clause in the agreement with its third-party vendor that would have held the provider completely harmless for all losses associated with the chiropractor’s data. Based on most recent industry estimates, a breach for this client could have potentially cost around $750,000.
Now aware of the exposure associated with patient data, the client knew it was an exposure they needed to cover.
Before a data breach could occur, Kingsgate went to work to close the gap.
Although standard property and casualty carriers often provide cyber endorsements on their policies, that coverage is generally less broad then what a specialty carrier can provide. Kingsgate solicited bids for cyber liability insurance from carriers that specialize in cyber coverage, offering comprehensive coverage that avoids many of the standard coverage gaps you can find in some cyber coverage forms.
Kingsgate placed a cyber liability policy for the chiropractor’s practice, successfully closing what had been a significant gap for the client.
If you’d like Kingsgate to review your cyber agreements and tech coverages, contact us today for a free quote.