Insurers now have access to a new sample endorsement they can use to provide “data breach” coverage to small- and mid-sized commercial accounts.
The American Association of Insurance Services (AAIS) has released the sample endorsement under its business owners program (BOP). AAIS is a national insurance advisory organization that develops policy forms and rating information used by more than 700 property/casualty insurers.
The endorsement was developed in conjunction with IDentity Theft 911 (IDT911), a provider of identity and data risk management, resolution, and education services. More than half of U.S. property/casualty carriers, including several member companies of AAIS, use IDT911 for identity theft loss control and recovery services.
The endorsement, which incorporates language proposed by IDT911, covers certain services provided to a commercial account in the event that personal information in its possession is lost, stolen, accidentally released, or accidentally published. Covered expenses include:
- Expert consultations;
- Forensic investigations;
- Legal and regulatory research;
- Notification to persons whose data may have been breached; and
- Credit and fraud monitoring for victims of identity theft.
Coverage under the endorsement is subject to an each-event deductible and an annual aggregate limit, plus separate sublimits for forensic investigations and legal/regulatory research expenses.
Coverage extends only to the types of losses identified in the endorsement. Non-described costs are explicitly excluded, as are costs arising from reckless disregard for information security, costs to identify or correct deficiencies in systems or procedures, and other types of expenses.
“This sample endorsement provides our BOP affiliates who use IDT911 with language directly referencing the services provided by IDT911,” says Joseph Harrington, AAIS director of corporate communications. “The coverage can allow insureds to respond quickly to a data breach, while protecting insurers from open-ended exposure to operational failures and financial losses.”
“Small businesses are as exposed as large companies to data breaches,” says Matt Cullina, CEO of IDentity Theft 911. “Small businesses may not be able to absorb the repercussions associated with a breach. Data breach expense coverage can save a small business’s reputation and bottom line in a time of crisis.”
As a sample endorsement, the latest AAIS data breach coverage option is not filed; companies seeking to use it will need to take filing action on their own.