Do you have cyber liability insurance?
In this era when cybercrime is outpacing physical crime, any corporate agency without cyber liability protection is a sitting duck, according to a corporate travel specialist.
“Corporate travel agencies are one of the few businesses that absolutely must keep active credit card numbers in their client profiles,” said Michael Reich, owner and corporate travel specialist at Master Travel and Cruises in Wellington, Fla.
“Maintaining those active profiles opens you up to tremendous liability that is not covered by your standard errors and omissions or business liability insurance.”
Corporate agencies are vulnerable
As more and more business is conducted electronically, electronic crime is becoming more and more common—and corporate travel agencies are a tempting target.
Corporate agencies are vulnerable on two fronts, Reich told Travel Market Report.
The obvious danger is the agency data system being hacked. Client data and agency funds can both be stolen. The less obvious danger is client credit cards that are compromised by an unknown breach.
“Say your client gets a call from American Express saying their card has been compromised and a replacement card is on the way,” Reich said. “It has happened to me, sitting here in West Palm Beach with my card in my wallet while it was being used fraudulently in Tennessee.
“Because the agency has that compromised card in an active profile, you are automatically suspect as a source of the breach. All it takes is one lawsuit, even if you win, to put you out of business.”
Reich said he had never heard of cyber liability coverage until one of his corporate clients asked about it.
The client, a major Florida corporation, was updating its own insurance and security portfolio and requiring vendors to follow suit. For Master Travel, that meant errors and omissions and cyber liability coverage.
“Errors and omissions insurance is a no-brainer for any agency, leisure or corporate,” Reich said. “But I had never heard of cyber liability. That’s when my client started connecting the dots between my own experience with credit card breaches and our potential liability regardless of fault.
“A client calling to say their credit card has been compromised is not an everyday occurrence, but it is an every week occurrence that someone calls to update their profile with a replacement card.”
Cyber liability coverage is one of the more expensive insurance policies an agency is likely to need, according to Reich.
Expect to pay $3,000 to $3,500 annually. And only a few insurers offer liability coverage for electronic breaches and thefts.
Leisure agencies probably don’t need cyber liability cover, Reich added. The agency’s liability exposure is based on its retention of active credit card numbers in client profiles. And leisure profiles should not include credit card numbers.
“Corporate agencies have no choice about keeping client card numbers,” he said. “I have clients who book employee travel every day. Our back office system has to have that number on file.
“It is encrypted, as required by card issuers, but the card number can be stolen from any number of sources. And no one can guarantee that encryption can’t be broken.”
A competitive advantage
The good news is that cyber liability insurance has emerged as a competitive advantage, said Reich. Most potential corporate clients understand the risks of cybercrime even if they don’t know about cyber insurance.
“Corporations of a certain size recognize the risk of cybercrime, or they do by the time I’ve finished pitching our services,” Reich said. “Our cyber liability coverage offers them protection from day one.
“That’s the kind of proactive value add that helps convince companies to switch agencies.”