BreachExchange mailing list archives

The Emerging Importance Of Cyber Liability Insurance And EPLI


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 26 Jun 2014 20:19:48 -0600

http://www.mortgageorb.com/e107_plugins/content/content.php?content.15613

For lenders, determining proper insurance coverages, limits, optional
endorsements and deductibles can be a time-consuming and, let’s face it,
tedious task. To make things easy, many lenders simply purchase insurance
that meets the minimum requirements mandated by investors, warehouse
lenders or government-sponsored enterprises (GSEs), such as Fannie Mae and
Freddie Mac.

However, these entities aren’t necessarily recommending insurance based on
what’s best for the lender but, rather, the coverages that meet their
requirements. Often the only coverages mandated are fidelity (employee
dishonesty) and mortgage errors and omissions (for failure to obtain or
maintain insurance). This may leave a gaping, uninsured hole in a lender's
business activities.

In fact, in light of the current mortgage marketplace, three coverages in
particular are becoming more important for companies in the mortgage
industry and justify a conversation with your insurance broker:
professional liability (business malpractice), cyber liability insurance
and employment practices liability insurance. For this article, let’s focus
on the latter two insurance coverages.

What Is Cyber Liability Insurance?
Cyber liability insurance was created to protect companies from loss or
corruption of data, as well as liability from data theft. In terms of data
loss or corruption, the policy can cover the cost associated with such
instances as restoring data lost as the result of a computer attack,
restoring your computer system after a system failure and dealing with
forms of cyber extortion, such as a hacker threatening to unleash a
computer attack against your company unless you pay.

But cyber liability’s real value comes in the form of the coverage provided
in the case of data theft.

Why Do Lenders Need Cyber Liability Insurance?
The personal customer information a lender needs for underwriting loans
makes it a prime target for cyber thieves. Think about it. A lender
possesses everything cyber crooks need for identity theft - and they want
that data.

If a breach of a lender's system exposes a customer's personally
identifiable information, such as social security number, driver’s license
number, address, date of birth or bank account information, the lender may
have significant liability.

The costs resulting from data theft can be astronomical. First, the lender
needs to notify customers, because 47 states currently require that
individuals be alerted of security breaches involving their personal
information. (Additionally, a recent White House advisory group put out a
report calling for Congress to pass legislation on a single national data
breach standard.) As a start to rectifying the situation with customers, the
lender would also most likely pay for a service to monitor their credit. On
top of that, a lender would need to perform crisis and reputation
management through public relations and other marketing efforts.

According to the Ponemon Institute, a research center focused on data
security, data breaches resulting from a malicious or criminal attack cost
firms, on average, $277 per compromised record in 2013. What's more, the
average loss per incident was $5.4 million.

Could your company handle a $5.4 million out-of-pocket expense? Or, look at
it this way: A database of a mere 1,000 records made up of customers, past
customers, prospects, etc., could result in a $277,000 expense if there
were a breach. So, how big is your customer database?

What Is EPLI?
Employment practices liability insurance (EPLI) can protect a lender and
its employees from a wide range of suits alleging wrongful employment
practices arising from age, sex, race, disability, religion or other forms
of discrimination. Covered losses often include damages, legal judgments
against the company, settlements, defense costs, and pre- and post-judgment
interest.

Why Do Lenders Need EPLI?
The Equal Employment Opportunity Commission (EEOC) reports that in 2013
more than 93,000 discrimination claims were filed. This represents only
complaints filed with the EEOC and doesn’t take into account
independently filed suits. Since the Civil Rights Act of 1964, every decade
has seen an increase in discrimination charges filed.

In fact, the current marketplace is a perfect storm of factors contributing
to more discrimination lawsuits. First off, the workplace has become more
diverse (more women, people of different races and from different
countries, older workers, etc.). Looking at this completely from a numbers
perspective, it makes sense that as the pool of people who could allege
discrimination increases, the number of lawsuits increases too.

The economy is another factor. Its ups and downs have resulted in
companies, especially those in the mortgage industry, letting go of
employees in order to reduce expenses. This, in turn, has caused the number
of wrongful termination complaints to increase.

It should be noted, however, that we’re simply looking at the overall
statistics and not whether these cases are justified. Certainly, there have
been landmark cases in the U.S. in which the wronged have received just
settlements and changed workplace conditions across the U.S. for the
better. However, the resulting publicity from those cases has also had an
effect on employees, making them more likely to consider a lawsuit as an
option, whether or not their claim is justified.

According to Jury Verdict Research (JVR), the median employment practices
award over the past 10 years is in the $200,000 range, with 8% of these
verdicts at $1 million or more. Keep in mind, too, that defense costs go
toward a lender's policy limit. If a claim is settled before trial, the
legal costs can range from $10,000 to $75,000.

However, if a case goes to trial, defense costs can easily exceed $100,000.
These costs, plus any award (if the judgment goes against the lender),
mean the lender could easily exceed a low policy limit and would have to
pay the remainder out of pocket. So, it’s crucial that the limits a lender
sets can provide adequate protection should it ever face one of these
claims.

Go Beyond Investor Requirements
If there’s one lesson to learn here, it’s that a lender needs to review its
insurance options beyond the requirements that investors/GSEs/warehouse
lenders mandate. Although cyber liability and EPLI do not directly affect
investors, as they don’t require these coverages, either could greatly
affect a lender, resulting in huge out-of-pocket expenses or even closure.

In the end, it’s best to look at what you need, not just what’s required.