Engineers could be liable for cyber hacking
August 29, 2011
By
Canadian Consulting Engineer
We are growing used to hearing about computer hackers compromising the networks and stealing private data from large banks and corporate giants like Sony. Now the insurance management company ENCON believes that these "cyber threats" might also...
We are growing used to hearing about computer hackers compromising the networks and stealing private data from large banks and corporate giants like Sony. Now the insurance management company ENCON believes that these “cyber threats” might also threaten design professionals and has just launched a new policy enhancement to offer coverage in this area.
The Security and Privacy Liability policy enhancement covers a range of “third party cyber liability exposures.” It covers for liability arising from a network problem such as a virus, or data being lost or destroyed. It covers against being liable for not complying with privacy laws in print or electronic form. And it covers for liability from displaying erroneous content on a client’s website.
Alison O’Rourke, a senior underwriter with ENCON in Ottawa, says that they haven’t heard of any specific claims being made by engineering firms whose IT systems have been breached, but says firms are concerned about these emerging risks.
“It [the new policy enhancement] wasn’t developed to address any specific trends in claims, and it’s not tailored just to engineers,” says O’Rourke. “We’re also offering it to other professions. But it’s driven out of the fact that businesses do rely heavily on technology for their day to day operations and there have been in the press a number of security breaches [reported]. These are concerns for businesses that aren’t maybe addressed by their normal architects and engineers’ policy.”
As examples of liability that engineering companies might face over cyber threats, O’Rourke cites a situation where an engineering company is holding data on a client such as its confidential plans and designs, or even banking details, addresses and personal information about employees. There is the potential for a network security breach.
“There are also potential privacy breaches,” she says, “for example, if a laptop is stolen or lost and it contains confidential client information that perhaps hasn’t been encrypted.”
“The endorsement also covers electronic media liability,” she says. “So if an employee of an engineering firm posted an erroneous fact about a competitor perhaps on a social media site, there could be an accusation of defamation.”
Before covering a firm the insurers will ask basic questions such as what kind of data the company is holding, whether the data is downloaded onto laptops and USBs, and whether it’s encrypted.
