Cyber Liability & Insurance

By Donald Peterson

This book is designed to provide information and guidance to employees of all levels looking for ways to best handle the ever-changing and emerging world of intellectual property, its related issues, and associated risk management concerns. Information on identifying, managing, and controlling e-risk, including cybercrime and e-discovery Includes executive's guide for protecting electronically stored information

• Language: English
• Publisher: The National Underwriter Company
• Release date: May 29, 2012
• ISBN: 9781938130250

Book preview

This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought.— from a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations.

Copyright © 2009 by

THE NATIONAL UNDERWRITER COMPANY

P.O. Box 14367

Cincinnati, Ohio 45250-0367

All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the publisher.

The included policies are copyrighted by and reprinted with permission of Euclid Managers, LLC.

There are many other companies that offer these types of policies. Those contained in this book are meant for illustrative purposes only.

International Standard Book Number: 978-1-938130-25-0

Library of Congress Control Number: 2008935835

Printed in the United States of America

About the Authors

Donald K.S. Petersen

Professor Petersen joined the Cooley Law School faculty as an associate professor in 2005. His previous academic experience includes two years as a Teaching Fellow in Economics at Harvard University, and seven years as a lecturer in economics at Oakland University, in Rochester, Michigan.

From 1994-2005, he was a shareholder in the firm of Petersen, Lefkofsky & Gorosh, P.C., in Bloomfield Hills, Mich. He represented investors, entrepreneurs, professional athletes and closely-held companies in a variety of contractual, business, and real estate matters.

Previously, he was a commercial litigation associate with the firms of Miro Miro & Weiner, P.C., in Bloomfield Hills, Michigan (1991-1994) and Bickel & Brewer, in Chicago, Illinois (1989-1991).

Professor Peterson earned his B.A. from the University of Chicago in1986. In 1989, he earned his Juris Doctorate, graduating cum laude from Harvard Law School.

Ann G. Kale

Ms. Kale is president of Technology Insurance Group, Inc. in Madison, WI, an independent insurance agency that specializes in working with high-tech companies. Prior to establishing this company in 1996, she worked as an Account Executive with a regional insurance agency in Madison and with national insurance brokers in Minneapolis, MN.

Before joining the brokerage community, Ms. Kale was a property underwriter with Wausau Insurance in Boston, MA. She is a graduate of the University of Wisconsin – Eau Claire, and earned her CPCU designation in 1990. She has served on the Board of Directors of the Dairyland Chapter of the CPCU Society. Ms. Kale was a contributing author for the e-Commerce Guide and authored several newsletters on Software Errors and Omissions insurance.

Joseph J. Schwerha

Mr. Schwerha has the unique experience of having served in both the private and public sectors for several years. His primary responsibilities are with his position as an Associate Professor within the Department of Business and Economics at California University of Pennsylvania. He is responsible for instruction on all aspects of business law, as well as for development of new curriculum in the areas of privacy, cybercrime and information law. 

When he is not teaching, Mr. Schwerha primarily splits his time between his law firm, Schwerha & Associates (a boutique law firm concentrating in the areas of privacy, information security, and electronic discovery law), and TraceEvidence, LLC, (his computer forensics, privacy, and e-discovery consulting business).

Mr. Schwerha holds a Juris Doctorate from the University of Pittsburgh, as well as both a Bachelors and Masters of Science from Carnegie Mellon University. He has published several articles in various publications, including law reviews.

Marcia Sutton

Marcia Sutton has been working in the professional liability insurance industry for 13 years. As assistant vice president - marketing director for Euclid Managers, she is responsible for marketing communications activities for the Public Entity, Architects & Engineers, Internet, Tech, Media, Manufacturers and Miscellaneous Professional Liability products.

Prior to joining Euclid Managers, Marcia was the national marketing director for the Financial Products division of The Hartford and customer relationship manager for The Hartford’s Tech Practice. She began her marketing career at Media/Professional Insurance. Marcia earned her Bachelor of Arts degree in English from Baker University.

T.R. Franklin

T.R. has 25 years of insurance claims and senior management experience, with a broad background in technology, internet, media, and miscellaneous E&O product lines. A former newspaper reporter and editor, he has particular insight into defamation, privacy, and intellectual property cases involving the media and cyberspace industries.

T.R. is a co-founder of Euclid Managers, LLC, where he is a member and Vice President. He previously served as Executive Vice President - Technology Claims for The Hartford. Before joining The Hartford, T.R. served as Executive Vice President of Aon Corporation’s Media/Professional Insurance and led all of Media/Professional’s claims divisions. T.R. concurrently served at Aon as Senior Vice President and a member of the Executive Committee for Financial & Professional Risk Solutions, Inc., heading that company’s divisions that managed claims in D&O, EPLI and financial institution bonds, and as Director of Claims for Prairie State Administrative Services, Inc. through which Aon provided commercial insurance services to State Farm.

T.R. earned his Juris Doctorate from the University of Kansas, where he served on the school’s Law Review, and a Bachelor of Arts in Journalism from the University of Georgia, where he served as editor of the university’s collegiate daily newspaper. He also spent time reporting for the Atlanta Journal and Augusta Chronicle and as assistant city editor for the Macon Telegraph.

John Stephen Wurzler

In 1996, Mr. Wurzler began a company that would develop insurance products to fill the needs of the new business models. His company, J. S. Wurzler Underwriting Managers (JSWUM), specialized in insuring companies developing their e-commerce and e-business models.

He served as a consultant to the National Security Advisor to President Clinton, has been quoted and featured in publications such as The Wall Street Journal, The Industry Standard, CIO, Investor’s Business Daily, E-Commerce Business, and has is a frequent speaker on this new and growing industry.

In 2005, Mr. Wurzler joined CNA as a Vice President responsible for leading and expanding the Technology Segment and the Internet and Computer Security Group. At CNA Mr. Wurzler uses 28 years of insurance experience along with 11 years of Technology, Internet & Network Security expertise to help clients worldwide with their diverse insurance requirements.

Mr. Wurzler came to CNA after a successful career at AIG eBusiness Risk Solutions, where he joined AIG’s eBusiness Risk Solutions Team as a Vice President responsible for Marketing and Underwriting in the Midwest and Canada. At AIG, Mr. Wurzler was responsible for defining and delivering the strategy for the U.S. Central Zone and Canadian distribution, to achieve profitable revenue growth and enable AIG to maximize its position as the world’s leading specialist in insurance solutions for digital risk.

Mr. Wurzler co-founded Medical-Net in 1994, an Internet services company for physicians and the healthcare community. He designed and built a system that allowed physicians to share information and complex medical problems over a secure Internet system.

Earlier in his career, Mr. Wurzler led the financial turn-around of the Physicians Insurance Company of Michigan (Now ProAssurance) as the Treasurer and CFO. Prior to that, he spent many years learning the insurance business while serving as a financial officer of the Home Insurance Company.

Mr. Wurzler holds a BA in Business Administration from St. Michael’s College in Vermont and an MBA in International Finance from Adelphi University.

Kelly Maheu

Ms. Maheu serves as a staff writer and editor for FC&S and The National Underwriter Company, a division of Summit Business Media.

Prior to joining The National Underwriter Co., Ms. Maheu worked as a legal research attorney for LexisNexis in Miamisburg, Ohio. In addition, Ms. Maheu spent several years working on insurance defense, workers compensation, and personal injury cases at a Cincinnati, Ohio, law firm. She also worked as a claims adjuster for Progressive Insurance.

Ms. Maheu holds Bachelor of Arts degrees in English/Journalism and Psychology from Miami University, Oxford, Ohio. At Miami, she served as campus editor for the university’s collegiate bi-weekly newspaper. Ms. Maheu earned her Juris Doctorate from The University of Cincinnati College of Law in 2004.

Introduction

Over the last few decades, the typical business has grown increasingly more dependent upon the Internet and computer networks. Whether for communications between employees or with clients, for transmitting and storing sensitive information, or for maintaining a Web site or a blog, most twenty-first century companies would be lost without their technology. The majority of businesses today have at least some technology or internet-based exposure to their business operations. As businesses continue utilizing new technology-based processes, they may not be aware of the associated risks.

Risk management and insurance have traditionally been structured around protecting tangible property from physical perils. Virtually all businesses have insurance and risk management programs in place to protect that business’s property, and many also have workers compensation insurance to protect that business’s employees. However, because most insurance policies cover only tangible property property damage, many businesses fail to fully protect and manage what are arguably their most critical assets. That is, those intangible assets that can’t be seen or felt.

The risks arising out of intangible assets are many, and they can have devastating effects on a business’ reputation and bottom line. For example, the personal information of customers may be stolen or disclosed as hackers access a database and steal large quantities of confidential data in seconds. Or, disgruntled employees may use a company’s network to destroy or steal information to sell for a profit.

Liability may arise from a wrongful disclosure of or failure to protect information. This could arise from a physical breach of a company’s network security, or if information stored on an employee’s laptop or on a server at a third party location is stolen. Any company connected to the Internet is susceptible to viruses which could result in legal liabilities as well as damage to or destruction of client and other valuable information.

The Internet also creates new exposures for content and advertising litigation. A virus could result in a shutdown of a Web site, costing extra expenses, loss of revenue, and potential litigation. Content-based injuries such as libel, slander, defamation, copyright, title, trademark infringement, or invasion of privacy may arise from the display of materials on an insured’s Web site.

Although the complexity of these risks cannot fully be explored in one publication alone, it is our hope that Cyber Liability and Insurance: Managing the Risks of Intangible Assets will help insurance and risk management professionals better comprehend, manage, and mitigate these emerging risks related to technology, the Internet, and cyber liability.

Table of Contents

About the Authors

Chapter 1: Understanding Intangible Assets

Intangible Assets and Goodwill

Assets that Are Intangible

Assets that Are Intellectual Property

Goodwill

Other Intangible Asset Classifications

Regulations and Organizations for Intangible Assets

Value and Value Identification for an Intangible Asset

Identifying and Categorizing Intangible Assets

A Company’s Internal Audit and Search for Intangibles

Identifying an Intangible Asset

Other Helpful Organizations

Dynamic Intangible Assets

Grouping Intangible Assets into Bundles

Marketing Bundle

Computer-Related Bundle of Assets (the Software Bundle)

Technology Bundle of Assets

Other Types of Intangible Assets

Bundling Intangible Assets after

Filing for Bankruptcy Protection

Inventory and Control of the Assets

Chapter 2: Valuation of Intangible Assets

Traditional Valuation Techniques for Intangible Assets

The Cost Approach to Valuing Intangible Assets

The Market Approach to Valuing Intangible Assets

The Income Approach to Valuing Intangible Assets

The Relief from Royalty Approach

to Valuing Intangible Assets

The Technology Factor Approach

to Valuing Intangible Assets

Alternative Ways to Value Intangible Assets

The Context in Which You Value Intangible Assets

Research and Financial Considerations

Intangible Assets Remaining Life

The Discount Rate

The Valuation Process: A Summary

Tests that Confirm Intangible Assets Have Value

The Triage Process: Prioritizing

the Assets that You Are Valuing

Valuing Groups of Intangible Assets

Royalty Rates

Online Assets

Valuing Technology

Summary

Chapter 3: Identification of Risks Associated with Intangible Asset Management

Cybercrime

Legal and Regulatory Risk

Lack of Information Security and Privacy

Rogue Employees

Maintenance of Electronically Stored Information

Chapter 4: Third-Party Coverage

Types of Insurance

Claims-Made v. Occurrence Coverage

Personal and Advertising Injury in Commercial General Liability Policies

CGL Marketplace

Errors & Omissions Policies for Media, Tech and Internet

Other Policies and Coverages

Key/Typical Exclusions

Uninsurable Risks

Insurance Claims

Market Trends

Chapter 5: Technology and the Role of the Insurance Agent or Broker

Legal Difference between Agent and Broker

Understanding the Customer’s Needs

Risk Management Options

Submitting Applications to Underwriters

Negotiating Coverage

Evaluating Coverage

Keeping Abreast of Developments

Chapter 6: What Every Business Needs to Know to Survive a Cyber Security Event

Categorization of Information and Information Systems

Security Objectives

Potential Impact on Organizations and Individuals

Security Categorization Applied to Information Types

Security Categorization Applied to Information Systems

Five Common Myths Regarding Network Security

Claim Scenarios

The Most Important Thing to Remember When Confidential Information is Exposed or Compromised

Preparing an Effective Communications Strategy for Use in Response to Cyber Security Events

Selected Laws Pertaining to Intellectual Property, Cybercrime, and Computer Privacy Issues

Forms & Endorsements

Chapter 1: Understanding Intangible Assets

Intangible Assets and Goodwill

It seems that every transaction involves a component of goodwill. After participants see a percentage of the purchase price apportioned to goodwill, they often ask: What is goodwill? And no matter what the so-called experts tell you, there’s no easy, black and white, answer.

Goodwill is a concept, not a thing. It usually encompasses a broad array of intangible assets. For example, traditional intellectual property assets such as patents, copyrights, trademarks, trade names, logos, and similar items are often lumped together as goodwill. Similarly, less obvious assets such as proprietary business practices, operational software, information methodologies, and all systems necessary to operate a business and generate returns are also intangible assets lumped together as goodwill. In short, almost anything that contributes directly to generating a positive return on investment can be classified as goodwill.

So how do we value goodwill? Although to state this may be tantamount to admitting poor skills, I certainly recall telling an accounting person that it was what we need the value of goodwill to be to make the transaction work. I also asked whether this person could justify this figure to the Internal Revenue Service. In short, valuing goodwill is complex and is heavily dependent on the context in which you make the computation.

It is critical to recognize that no book can definitively define and discuss all intangible assets and goodwill. The range, type, and variety of intangible assets continue to grow over time and will undoubtedly continue to grow in the foreseeable future. Similarly, the importance of protecting these intangible assets, including intellectual property, has also grown. As business and law evolves, understanding them becomes more and more critical in mergers, acquisitions, business reorganizations, bankruptcies, and a myriad of other situations demanding speed, accuracy, and valuation.

These chapters are not written with skilled legal practitioners in mind. Instead, the definitions and explanations are used not as legal definitions but rather as basic explanations of those phrases and terms that often are used without an understanding as to what is meant.

Assets that Are Intangible

In general, intangible assets include far more items than do intellectual property, and they are more easily understood and described than goodwill. We can usually say the following about intangible assets:

• We must be able to prove that intangible assets exist through a document or computer database.

• We have to determine how to develop intangible assets.

• We have to be able to identify intangible assets.

• We have to be able to legally protect intangible assets.

• We must be able to quantify the intangible assets’ value.

• We have to determine an intangible asset’s lifespan.

• We must be able to own intangible assets.

• We must be able to find similar assets in the marketplace.

These concepts are derived from the law, but they are practical guidelines to help you define and recognize intangible assets. Most importantly, we only recognize intangible assets that have quantifiable value.

As previously noted, it is easy to confuse intangible assets with goodwill. The simplest distinction is that goodwill includes all of a company’s nontangible assets but intangible assets includes all nontangible assets that we can measure and manage, and to which we can assign a value. For example, a company’s good reputation is goodwill and corporate brand value is an intangible asset that we can measure and value.¹

It is impossible to create an exhaustive list of intangible assets, because their number is limited only by technology and clever legal and financial minds. For example, a Web site is now an intangible asset with value and is critical to many companies’ business, but ten to fifteen years ago it was non-existent or unimportant. Similarly, in today’s retail marketplace, exclusive contracts with Martha Stewart and other designers are increasingly important, but they did not exist in the past. Even an exclusive contract with a national retailer to supply unbranded goods is a valuable intangible asset if it has a definable life.

It is truly remarkable how common intangible assets really are when we examine a transaction closely. For example, each of the following is undoubtedly an intangible asset to the company or situation:

• Contracts that a casino or nightclub has with comedians, singers, or other performers to perform on a regular basis. These contracts are intangible assets with value to the hotels or nightclubs with which they are affiliated.

• Ongoing contracts to provide services on behalf of a company or the government are intangible assets with value.

• Data and research that companies conduct and collect are identifiable and valuable intangible assets.

Exhibit 1.1

Substantially Incomplete List of Intangible Assets

1. Marketing Assets

• Trademarks and service marks

• Trade names and brand names

• Logotypes

• Colors

2. Technology Assets

• Patents and patent applications

• Technical documentation (e.g., laboratory

notebooks, technical know-how)

3. Artistic Assets

• Maps

• Literary works and copyrights

• Musical compositions

• Photographs

4. Data Processing Assets

• Software and software copyrights

• Databases

5. Engineering Assets

• Industrial designs

• Engineering drawings, schematics, and blue prints.

• Technical know-how and trade secrets

6. Customer-Related Assets

• Customer relationships, contracts, and lists

• Open purchase orders

7. Contractual Assets

• License and franchise agreements

• Operating license

8. Human Capital Assets

• Trained workforce and wages

• Union and other employment contracts

9. Location-Related Assets

• Easements and mineral exploitation rights

• Water and air rights

10. Online-Related Assets

• Domain names and Web site design

• Linkages

Assets that Are Intellectual Property

Depending on the nature of the business, intellectual property may have a great value, including trademarks, copyrights, and others. Intellectual property is different than other sorts of intangible assets because it is legally protected. Indeed, there is specific law that applies to trademarks, copyrights, patents, domain names, and software.²

Intellectual property is generally easier to recognize than other sorts of intangible assets because there are only a few legally recognized categories, including: