The Clarity Blog

HELPING JEWELERS BE SAFE, SECURE, AND SUCCESSFUL

The Clarity Blog

Why You Need Cyber Liability Coverage With Jewelers Block Insurance

Posted by Logan Moore on Apr 17, 2018 11:15:00 AM

Lock on top of microchip

Protecting your inventory from crime, fire, natural disasters, and shipping-related risks with a jewelers block insurance policy is a must.

Unfortunately, many jewelers fail to recognize other risks, which includes extremely large expenses stemming from liability-related costs.

While some jewelers know that employment practice lawsuits and appraisal liability claims are a possibility, an even smaller percentage are aware of what may be the most concerning threat of our time: cyber crime.

Cybercriminals aren't just stereotypical hackers who are geniuses when it comes to computer networks. More and more data breaches are resulting from social engineering schemes, such as spear phishing emails.

In fact, the 2017 Cybercrime Report by Cybersecurity Ventures states that 91% of sophisticated attacks begin when targeted individuals voluntarily disclose sensitive information.

The most alarming statistic for the jewelry industry is the proportion of victims when categorized in terms of size. According to Verizon's 2018 Data Breach Investigations Report, 58% of breaches involve small businesses.

If there's any good news, it's that you can protect your business with cyber liability coverage. Jewelers Mutual's product can be added to a Businessowners Policy and covers first-party losses — such as loss of money incurred due to financial fraud — and liability claims where there's a duty to defend lawsuit or regulatory penalties are incurred.

Learn more about examples provided by NAS Insurance Services* of how jewelers could be impacted and how cyber liability insurance can help manage risk:

First-Party Losses Third-Party Losses
Privacy breach response Multimedia liability
Network asset protection Security and privacy liability
Cyber extortion Privacy regulatory defense and penalties
BrandGuard® PCI DSS assessment
Cyber crime  

Learn more about Cyber Liability Insurance by viewing webinar playback on our online learning platform!

Enroll in JM University

 

Privacy breach response

Highlights

In addition to covering privacy breach response costs, this coverage also includes notification expenses and breach support credit monitoring expenses.

Receiving notification on phone and laptop

Scenario

A network programming error caused the customer information of a mid-sized chain of jewelry stores to become publicly visible on the internet.

Approximately 8,700 customers were affected by the breach.

RELATED: Equifax breach to cost total of $439M

Insurance covered the breach response costs, including customer notification costs, IT forensic expense, legal fees, and public restoration expenses, all totaling more than $125,000.

[ Back to top ]

 

Network asset protection

Highlights

Coverage for income loss, interruption expenses, and data recovery costs incurred due to a variety of causes, from accidental damage of electronic media to cyber attacks.

Man servicing computer network

Scenario

A high-end watch retailer was the victim of ransomware carried out by a hacker who entered the retailer's computer system through a vulnerability in the network.

The malware installed by the hacker immediately encrypted data stored on the system, including accounting, payroll, sales receipts, and vendor records. The hacker demanded payment to unlock the data. The retailer could not process orders or shipments or otherwise maintain normal business operations while attempts to resolve the incident were underway.

RELATED: Ransomware protection for jewelers: Prevention and response tips

Insurance covered the retailer's income loss of $15,000 resulting from the business interruption.

[ Back to top ]

 

Cyber extortion

Highlights

Coverage for extortion expenses incurred and extortion monies paid as a direct result of a credible cyber extortion threat, including ransomware.

Hacker with money at computer

 

Scenario

The owner of a jewelry repair store downloaded an e-mail attachment that appeared to be from his bookkeeper.

The attachment contained ransomware which, when downloaded, immediately encrypted files stored on his computer, including accounting and payroll records. when the owner tried to access a file, a message appeared on the computer screen demanding a ransom payment in Bitcoin to receive a decryption key.

With the help of an IT expert and legal counsel, the threat was determined to be credible, and the ransom was paid.

RELATED: Global cyber attack could cost $121.4 billion

Insurance covered $10,000 in total damages for the ransom payment, IT fees and legal expenses.

[ Back to top ]

 

BrandGuard

Highlights

Coverage for loss of net profit incurred as a direct result of an adverse media report or breach notification following a security or privacy breach.

microphone and laptop at media briefing

Scenario

After reporting a data breach to state officials, a retail store was featured in a series of news reports concerning data breaches impacting local businesses.

One such report accounted the specific details of the breach experienced by the store and its response to the incident. The news report aired at the start of the holiday season. The store experienced a significant downturn in business due to the news reports.

RELATED: Target settles 2013 hacked customer data beach for $18.5 million

Insurance reimbursed the store for the demonstrated loss of net profit resulting from the adverse media reports.

[ Back to top ]

 

Cyber crime

Highlights

Coverage for losses incurred due to:

  1. wire transfer fraud
  2. fraudulent use of an insured telephone system
  3. phishing schemes that impersonate your brand, products or services, including the costs of reimbursing your customers for losses they sustain as a result of such phishing schemes

    Computer hacker behind screen

 

Scenario

A jeweler received an e-mail from a supplier requesting that a payment in the amount of $58,450 be sent via wire transfer. After wiring the funds, the jeweler discovered that the wire transfer request was not legitimate; she has received a "spoof" e-mail, sent by a hacker posing as the supplier.

The jeweler's bank refused to return the funds because all wire transfer protocols were followed, and the wire appeared to be legitimate.

RELATED: 8 tips to keep emails safe at your jewelry business

Insurance covered $10,000 of the fraudulent wire transfer.

[ Back to top ]

 

Multimedia liability

Highlights

Coverage for claims alleging liability resulting from the dissemination of online or offline media material, including claims alleging copyright/trademark infringement, libel/slander, plagiarism, or personal injury.

Hand about to bang gavel on sounding block in the court room

Scenario

A jewelry store owner received a "cease and desist" demand letter alleging copyright infringement after the owner pulled an image from a Google Images web search and used it on the store's website and online promotional material.

The copyright holder of the image was able to locate the website and promotional material and subsequently demanded removal of the image and compensatory damages.

RELATED: Is this copyright infringement? What images you can & can't share [Infographic]

Insurance covered the costs to defend the claim and compensatory damages

[ Back to top ]

 

Security and privacy liability

Highlights

Coverage for claims alleging liability resulting from a security breach or privacy breach, including claims alleging failure to safeguard personal information.

Using computer with data on-screen

Scenario

A jeweler completed the appraisal on a customer's collection of diamond jewelry and had her store manager email it the customer.

A few days later, the customer called and stated that she never received the completed appraisal, which alerted the store manager that the appraisal had been inadvertently sent to the wrong email address.

The appraisal contained personally identifiable information (PII). The customer filed a lawsuit against the jeweler for negligence and failure to safeguard confidential information.

RELATED: Guidance on the protection of personal identifiable information

Insurance covered defense costs and damages associated with the lawsuit.

[ Back to top ]

 

Privacy regulatory defense and penalties

Highlights

Coverage for regulatory fines and penalties and regulatory compensatory awards incurred in privacy regulatory proceedings/investigations brought by federal, state, or local governmental agencies.

showing jewelry before sale

Scenario

A national jewelry store chain discovered malware operating on point-of-sale (POS) devices at several of its locations. The malware was designed to access payment card data, including customer names and card numbers, from cards used the POS devices.

The jewelry store chain disclosed the breach in a press release, and a customer affected by the breach subsequently filed a consumer complaint with the Federal Trade Commission (FTC). The FTC investigated and found that a lack of technical safeguards contributed to the theft of credit card data. The FTC ordered payment of civil fines and penalties for unfair data security practices.

RELATED: Free tools to protect your business from cyber attacks

Insurance paid for the defense costs and fines and penalties incurred in the FTC investigation.

[ Back to top ]

 

PCI DSS Assessment

Highlights

Coverage for assessments, fines, or penalties imposed by banks or credit card companies due to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) or payment card company rules.

Credit card in termina

Scenario

A security breach of a jewelry store's card reader system resulted in the exposure of credit card data of over 2,000 cardholders.

An investigation of the security breach determined that customers' credit card data had been 'skimmed' off the compromised system by criminals to be sold on the black market, and the store failed to maintain the required data security controls under the PCI DSS.

RELATED: How to spot and avoid credit card skimmers

The acquiring bank imposed fines and assessments in the amount of $380,000 against the store for failing to comply with PCI DSS. Insurance covered the PCI DSS fines and assessment.

[ Back to top ]

 

Learn more about Cyber Liability Insurance

View a recorded webinar on JM University hosted by a loss prevention expert and product analyst to better understand cyber threats, what best practices you can take to prevent cybercrime, and understand how cyber liability coverages help protect your business.

Enroll in JM University

 

*The scenarios used are examples of the types of claims and associated costs commonly seen and do not represent a comprehensive explanation of any one particular claim. While the subject coverage is designed to address certain risks and associated costs, coverage may not be available in all circumstances. Each reported claim will be evaluated on a case-by-case basis. The actual policy or endorsement language should be referenced to determine coverage applicability and availability.

** Any coverage description are a brief summary of coverage and are not part of any of the described insurance policies, nor a substitute for the actual policy language. Not all coverage is available in all U.S. states and Canada.

Topics: Data / Computer, Jewelers Block

Working for You!

The Clarity Blog from Jewelers Mutual has information, tips, tools, and techniques aimed at helping you run a more secure and successful jewelry business - straight from the leading insurer solely dedicated to insuring jewelry and the jewelry industry.

Subscribe today!

Have Feedback?

Share your story idea.

Tell us what kind of content you'd like to read about.

Jewelers Mutual Insurance Group

Protecting Cherished Memories® since 1913

Subscribe to Blog Updates

Follow @JMStaySecure

Follow @JMStaySecure on Twitter to get expert loss prevention and security advice along with crime alerts from , the business and personal jewelry insurance leader.

Follow @JMStaySecure

Recent Posts