How easy is it to have a data breach? Re­cently I went to a used furniture store to buy a file cabinet for my workshop. I purchased a used four drawer file cabinet which the store employee loaded into the back of my car, with the file drawers facing up. When I returned home and opened the trunk, there was a file folder that had fallen out of the drawer and was not found by the company sell­ing the file cabinet. It was a complete medical file showing all of his health issues, including all of his personal data including his social se­curity number, insurance card, photo copy of his drivers license and credit card used for his co-pay. For a fleeting second, thoughts of a new 70-inch 3-D HD television flashed through my head, but what if that information fell into the wrong hands?

Propane companies normally retain and store sensitive personal data. The data could include the full name, address, date of birth, social security number and even credit card numbers of your customers. In addition, many companies have employee files that contain sensitive personal data for both current and past employees. A security breach could easily happen to your company exposing all of your custom­ers and employees to identity theft and credit problems. Here are a few examples:

  • A hacker breaks into your network or your paper files and steals all of your customer and employee data.
  • An employee’s laptop or USB flash drive is stolen containing your customer informa­tion.
  • A disgruntled employees action distributes customer information in a mass e-mail, or posts sensitive data on a website.

If this happened to your company, you now have a data breach. To clean up the mess, here are a few steps your company may have to take.
California has a notification law, declaring your company must notify all your customers of the security breach. You are required to pay for a call center, drafting written alert and press releases, printing, postage and advertising/ publications to inform your customer of the security breach.
Your company will be required to pay for credit monitoring service caused by your cus­tomer’s personal information being exposed.
Your company could be facing lawsuits caused by failure to secure customer informa­tion and the resulting damage, which could result in years of litigation and large legal fees.
Your company will face additional costs in trying to determine how your system was breached and installing a new security system to guard against future instances.
How will your company afford to pay for these costs? The typical property and general liability policy will not cover any of these losses, so you would be faced with out of pocket expenses. A typical data loss scenario with only 1,000 customers could possibly cost you $200,000. And 5,000 compromised records could cost your company nearly $1,000,000. Even worse could be the possibility of cyber extortion.

The cost to purchase cyber liability is minimal compared to the potential liability that your company could face. The premium is based on annual revenue. The following is some sample premiums, based on limits of ei­ther $500,000 or $1 million.

Annual Revenue Annual Premium
$0 – $2.5 Million $500-$750
$2.5 Million to $5 Million $600-$840
$5 Million to $7.5 Million $700-$980
$7.5 Million to $10 Million $800-$1,100

Cyber breaches are almost a daily occur­rence in the news, this writer strongly suggests contacting your insurance agent today to get a quote and purchase a policy.

Frank Thompson, CPCU
President, PT Risk Management

Subscribe to newsletter

Sign Up For Our Newsletter