Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Technology innovations boost risks for telecommunications companies

Security breaches increase exposure to privacy liability

Reprints

As communication links multiply around the world, companies that provide much of the infrastructure for that growth face some huge security and liability issues, insurance experts say.

Telecommunications companies, many of which have long ceased to be simply providers of telephone services, now have to guard against numerous sophisticated attempts to breach their networks in pursuit of private information.

And when the networks are compromised, insurance coverage for any financial losses is limited, experts say.

The telecommunications industry poses one of the highest risks in the technology sector, said Julie Davis, executive vp and managing director of San Jose, Calif.-based Aon Affinity Insurance Services Inc., its Wired for Growth risk management program and Aon's technology practice.

"Out of all the technology sectors, telecommunications ranks highest in its exposure to privacy liability...because it collects and stores a great amount of private data," Ms. Davis said. The data includes: date of birth details, driver's license information, credit and financial information, and social security numbers.

With the rising numbers of electronic security breaches, telecommunications companies have an increased level of exposure and are liable to third-party and their own network risk exposures.

Key areas of concern include: breach of security/confidentiality; theft of or damage to intangible assets; release of viruses, Trojan horses (a program containing malicious logic that allows the unauthorized collection, falsification, or destruction of data) or worms (a program that duplicates itself many times, often carrying a virus); contractual liabilities; Internet media/publishing liability; business interruption; cyber extortion; personal identity theft; and public relations/crisis management, Ms. Davis said.

In addition, growing government regulations, designed to protect the rights of consumers, create additional telecommunications industry exposures.

Major risks faced by telecommunications companies are security leaks and data breaches involving employee or customer data, said Valynda Murphy, an Atlanta-based managing director at brokerage Marsh Inc.

"The challenge is that no longer is the phone company just a phone company. You can buy a wide variety of services, including Internet and Web site services, all from one provider," she said.

Each service gives rise to all kinds of liabilities.

Traditional protections that telecommunications companies have enjoyed do not cover many of the new exposures, said Emily Freeman, London-based executive director of technology, media and cyber risks for Lockton International, a London unit of Kansas City, Mo.-based Lockton Cos. Inc.

Security vs. connection

Telecom companies "have a considerable contractual and federal law immunity (in the United States) from customers that restricts the ability of people to sue for service failures," but "that does not necessarily apply to breaches of security or privacy affecting consumers, which is a separate issue from whether the phone was correctly connected or there was a service interruption. You have to separate the traditional liabilities of a telecommunications company's operations issues from security and privacy issues," she said.

The biggest source of claims against telecommunications companies occur when integration of services fails, said Michael Flanagan, managing director of Gallagher CyberRisk Services, a division of Itasca, Ill.-based Arthur J. Gallagher & Co.

"The information highway is no different than the highway you drive to work on, and the dangers are the same," he said. "You have to ask yourself, who are these people driving around on the Internet? Do they have license plates? Do they use their seat belts?"

John Lewis, Kansas City, Mo.-based senior vp at Lockton, said cyber crime, intellectual property theft and identity theft can all be wrapped up into a general business risk policy in the United States.

"Cyber risk coverage has really been a niche market," Mr. Lewis said. "Today, underwriters have technical experts that specialize in the insurance and risk management side of the business. Now specific (policy) forms are written for cyber risk coverage. Some can be an adjunct to errors and omissions policies, while others have specific cyber coverage written for a specific company."

Scope of coverage

Ms. Freeman said coverage and the quality of coverage varies significantly from underwriter to underwriter.

"There are no standard industry forms. The data protection risks are usually covered along with a wide variety of other risks, like technology or telecommunications, errors and omissions, intellectual property and media," she said. "We have worked to improve that wording, even what the underwriters typically offer the market, but there is a real variability as to the scope of coverage and this is quite a serious risk" to telecommunications companies.

Telecom professional liability forms do vary from underwriter to underwriter whether in the United States or Europe, Ms. Freeman said.

"Two key issues are the scope of the contractual liability coverage and data protection coverage. Some policy forms lack strong affirmative language for data protection risks or contain limitations that do not address the evolving threats and legal regulatory environment," she said in an e-mail.

"In the European Union, unlike the United States, such coverage may be in a blended general liability/professional liability wording. The U.S. tends to have separate general liability and professional indemnity policies," Ms. Freeman said.