BreachExchange mailing list archives

Protecting Corporate Agencies From Cyber Crime


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 16 Jun 2015 19:20:35 -0600

http://www.travelmarketreport.com/articles/Protecting-Corporate-Agencies-From-Cyber-Crime?articleid=14810

Do you have cyber liability insurance?

In this era when cybercrime is outpacing physical crime, any corporate
agency without cyber liability protection is a sitting duck, according to a
corporate travel specialist.

“Corporate travel agencies are one of the few businesses that absolutely
must keep active credit card numbers in their client profiles,” said
Michael Reich, owner and corporate travel specialist at Master Travel and
Cruises in Wellington, Fla.

“Maintaining those active profiles opens you up to tremendous liability
that is not covered by your standard errors and omissions or business
liability insurance.”

Corporate agencies are vulnerable
As more and more business is conducted electronically, electronic crime is
becoming more and more common—and corporate travel agencies are a tempting
target.

Corporate agencies are vulnerable on two fronts, Reich told Travel Market
Report.

The obvious danger is the agency data system being hacked. Client data and
agency funds can both be stolen. The less obvious danger is client credit
cards that are compromised by an unknown breach.

“Say your client gets a call from American Express saying their card has
been compromised and a replacement card is on the way,” Reich said. “It has
happened to me, sitting here in West Palm Beach with my card in my wallet
while it was being used fraudulently in Tennessee.

“Because the agency has that compromised card in an active profile, you are
automatically suspect as a source of the breach. All it takes is one
lawsuit, even if you win, to put you out of business.”

A ‘no-brainer’
Reich said he had never heard of cyber liability coverage until one of his
corporate clients asked about it.

The client, a major Florida corporation, was updating its own insurance and
security portfolio and requiring vendors to follow suit. For Master Travel,
that meant errors and omissions and cyber liability coverage.

“Errors and omissions insurance is a no-brainer for any agency, leisure or
corporate,” Reich said. “But I had never heard of cyber liability. That’s
when my client started connecting the dots between my own experience with
credit card breaches and our potential liability regardless of fault.

“A client calling to say their credit card has been compromised is not an
everyday occurrence, but it is an every week occurrence that someone calls
to update their profile with a replacement card.”

Expensive
Cyber liability coverage is one of the more expensive insurance policies an
agency is likely to need, according to Reich.

Expect to pay $3,000 to $3,500 annually. And only a few insurers offer
liability coverage for electronic breaches and thefts.

Leisure agencies probably don’t need cyber liability cover, Reich added.
The agency’s liability exposure is based on its retention of active credit
card numbers in client profiles. And leisure profiles should not include
credit card numbers.

“Corporate agencies have no choice about keeping client card numbers,” he
said. “I have clients who book employee travel every day. Our back office
system has to have that number on file.

“It is encrypted, as required by card issuers, but the card number can be
stolen from any number of sources. And no one can guarantee that encryption
can’t be broken.”

A competitive advantage
The good news is that cyber liability insurance has emerged as a
competitive advantage, said Reich. Most potential corporate clients
understand the risks of cybercrime even if they don’t know about cyber
insurance.

“Corporations of a certain size recognize the risk of cybercrime, or they
do by the time I’ve finished pitching our services,” Reich said. “Our cyber
liability coverage offers them protection from day one.

“That’s the kind of proactive value add that helps convince companies to
switch agencies.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
