Data breach, cyber liability, network security are just some of the terms used to describe risks related your customers sensitive personal information. Recently, this large risk has received much media attention due to the costly breaches of Target and most recently Home Depot.
Many small businesses assume that the general liability insurance is sufficient to cover this risk. However, with many of the insurance companies now heavily marketing their own standalone cyber liability policies, this is becoming more clearly not the case.
Most companies are now specifically endorsing or changing policy language to exclude this risk or so limit it in the general liability coverage that it is non-existent. Those who are not taking this proactive position still may have standing to deny you coverage based on the fact that most of these breaches do not cause damage to tangible property and the property damage to third parties coverage is limited to tangible property, physical injury, tangible damage.
Moreover, your operations may also require more robust coverages. For instance, even if your policy covers the client’s expenses related to the breach, it would not cover your expenses even when there is not damage. Most states require some notification if a breach occurs and these notification procedures can be expensive and may include providing credit monitoring service to those clients. For this reason an endorsement or stand alone policy would be necessary.
In short, it is very important to understand how your e-commerce activities are or are not protected in your small business general liability insurance policy. In addition, for ideas of how to prevent a data breach, see this article.