Restoration logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Restoration logo
  • NEWS
  • PRODUCTS
    • New Products & Technologies
    • Submit Your Product
    • Interactive Product Spotlights
  • EDUCATION
    • KnowHow.
    • Podcasts
    • Trade Shows & Expos
    • Training & Certification
    • Webinars
    • Whitepapers
  • TOPICS
    • Water Damage
    • Fire & Smoke Damage
    • Mold
    • Contamination
    • Odor
    • Contents
    • Architecture
    • Catastrophe
    • Cleaning
  • BUSINESS
    • Managing Your Business
    • Insurance/Legal Matters
  • BUYER'S GUIDE
  • VIDEOS
    • Ask Annissa
    • Ask the Expert
    • Ironclad Marketing Minute
    • TradeTalks
    • Video Channel
  • INFOCENTER
    • Mold and Mycotoxins
  • THE EXPERIENCE
    • Conference & Exhibition
    • Convention & Trade Show
    • R&R Special Issue
  • EMAG
    • eMagazine
    • Archive Issues
    • Contact
    • Advertise
  • SIGN UP
Insurance/Legal Matters in RestorationManaging Your Restoration Business

Protecting Your Restoration Company Against Cyber Attacks

By Ross Driscoll Jr.
The Cyber Effect: The Thief You Never Saw Coming
June 13, 2018

While the use of the internet increases daily, so does the sophistication level of cyber criminals. These criminals are stealing identities, hacking networks, and infecting computers with malware. Many business owners feel they are too small to be a target. They often do not take appropriate steps to protect their own systems, and the personal information they gather on their employees and customers. The truth is, cyber criminals know that small businesses typically do not invest in data security and systems, which makes them ideal targets.

When we think of a data breach, we often imagine some hacker continents away. Although a hacker may be the culprit, a simple mistake is increasingly becoming the cause of many breaches. Surprisingly, one in three data breaches is the result of human error. Something as simple as misplacing a flash drive with customer’s information on it or losing your laptop at the airport could be one of the costliest mistakes you or an employee can make. When it comes to personal information, lost is the same as stolen.

The statistics are eye-opening. According to The Hartford, 31% of all data breaches are in organizations with fewer than 100 employees. It’s not just the Target’s and Sony’s of the world. Roughly 66% of all data breaches investigated were not discovered for months, or sometimes years.  Looking at a study performed by the Ponemon Institute, they found that 72% of those who had a breach were unable to fully restore their company’s data. For some that have a breach, the damage control, legal expenses, and paperwork can be so overwhelming they never recover. Symantec stated that one in 40 small businesses is at risk of becoming the victim of a cyber-crime right now.

Laws vary from state to state, but most states have civil codes that require a business to notify its customers whose unencrypted personal information was acquired, or reasonably believed to have been acquired, by an unauthorized person. To take it a step further, an example from California Civil Code s.1798.29(e) and California Civil Code s.1798.82 states, “Any person or business that is required to issue a security breach notification to more than 500 residents because of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General.”

Claims Scenarios

Unauthorized Access: An international computer hacking group gained access to a small service company’s accounting software and stole banking information from check and credit card data of nearly 1,000 customers. This started a wave of fraudulent purchases around the world.

Cyber Extortion Threat: An information technology company contracted with a software vendor overseas. The vendor left universal “administrator” defaults installed on the company’s server and a “Hacker for Hire” was paid $20,000 to exploit such vulnerability. The hacker advised that if the requested payment was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2 million, according to Philadelphia Insurance.

cybersecurity

Ransomware Attack: An employee of a car components manufacturing company clicked on a malicious link in an email and malware was downloaded onto the company server, encrypting all information. A message appeared on the employee’s computer demanding $10,000 to be paid by Bitcoin in the next 48 hours in exchange for the decryption key. The company called its insurance company, and they told them not to pay the ransom. Not only does paying the ransom perpetuate criminal activity, but it also highlights a company’s lack of effective and responsible backup procedures. Backups should be stored off-site and off-network. According to Chubb, the total loss was roughly $60,000 between the consulting fees to assess backups, forensic investigation to locate malware, legal consultation fees, incident response manager fees, as well as the costs associated with replacing lost or corrupted data.

Human Error: An HR recruiter for a healthcare organization accidentally attached the wrong file when sending an email to four job applicants. The file included HR demographic data consisting of 43,000 former employee names, addresses, and national ID numbers. Legal services were brought in to manage regulatory implications. Not only were there defense expenses from regulatory investigations, but there were also defense and settlement costs for the employees who had their identities stolen. In addition, there were incident response expenses for notification mailers, monitoring services for individuals who were affected, and legal consultation fees. Chubb paid out nearly $200,000 for human error that seems innocent, but was very costly.

1st Party and 3rd Party

To understand what is covered under various cyber liability/data breach policies, you must know that every carrier has different policy forms. Not only can coverages vary, but the names of the coverages will be different for each carrier. Still, every carrier who writes cyber offers 1st party coverages, where some will also offer 3rd party coverages. Not every carrier offers 3rd party because those claims tend to be the costliest.

cybersecurity

Know that 1st party coverage typically pays the expenses that affect your business. Coverages can include, but are not limited to:

  • Loss resulting from corruption or damage to your computer programs and data.
  • This will provide income reimbursement during the restoration period of your computer system.
  • When a loss occurs, there is an expense to mail customer notifications. There may also be regulatory fines and public relations expenses. Think about when a public relations person speaks on a company’s behalf on the evening news.
  • This can pay reimbursement for extortion expenses that are a direct result of a credible threat to your computer system.
  • When there is a loss of income, interruption, or special expense that is a direct result of an interruption or failure of your computer system that was caused by a cyber terrorist, this can pay the reimbursement for the loss of income.

When looking at 3rd party coverage, understand that this is meant to cover the legal liability you may face when having a breach. Coverages can include, but are not limited to:

  • Covers the legal liability for a privacy breach resulting from violations of HIPAA and other privacy protection laws/regulations, whether state, federal or foreign.
  • Covers the legal liability for a privacy breach of employees’ personal identifiable information (PII) or protected health information (PHI).
  • This may cover claims that arise from things that are on your website. Common allegations are defamation, libel, slander, invasion of privacy, plagiarism, infringement of a copyright or trademark, or domain name infringement.

Restoration Contractors Are Exposed

Companies often do not assess the value of data they have. Restoration firms may have proprietary assets, intellectual property, architectural drawings and specifications, which make you a target for cyber criminals. As with all business, you likely have employee data, which can include names, phone numbers, addresses, bank information, and often social security numbers. It is likely that you have financial information about your clients as well.

Remember what happened with the major breach at Target? An employee of a small HVAC firm was the victim of a phishing attack, which gave hackers access to their system through malware. The cyber criminals used the access to the HVAC firm’s system to connect to Target’s network, which was also connected to Target’s hosted vendor services. Due to this, the hackers stole information from 40 million payment cards, as well as 70 million individuals, by breaching the HVAC firm’s security.

cyber security

Attacks are typically not targeted; they are opportunistic. Since it can take less than two minutes for your security to be breached, think about all the confidential information or personal identifiable information you hold. I would estimate that 5% or less of the restoration industry carries this coverage. There is only one franchise I know of that requires this coverage, but I expect others will hop on the band wagon in the coming years. It is not expensive. One can add a limited amount of cyber protection to their property policy for a few hundred dollars. Some Employment Practices Liability (EPL) policies may even have an option to include some coverage. To get much broader coverage, ask your agent what a monoline policy would cost.

Depending on where you are at in the country, revenue size, number of jobs performed annually, and number of employees, cyber policies may start around $1,000. With the increasing number of data breaches, this is a small price to pay for the peace of mind to know you have protection.

KEYWORDS: cybersecurity employee management insurance claims small business

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ross Driscoll Jr. is the Vice President of Driscoll & Driscoll Insurance Agency and National E&S Insurance Brokers. Prior to joining the family business, he was a Contract Surety Underwriter at Zurich North America. He specializes in the risk management for contractors, especially those in fire/water restoration industry. Ross has been recognized by various insurance carriers as one of the top up and coming producers in the country. He is one of the few producers who truly understands his customer’s risks as well as how to manage them.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • mold remediation

    Fighting Mold and Bacteria Damage

    Successful mold remediation can be multidisciplinary,...
    Mold Remediation
    By: Josh Woolen
  • certifications and licenses for restoration professionals

    Certifications and Licenses Every Restoration Company Needs

    Restoration companies need to make sure they have the...
    Restoration Training/Education
    By: Sharon Elzarat
  • a wall covered in moss and fungus

    Zero Tolerance for Toxic Molds: Essential Steps for Successful Remediation

    Understanding the importance of zero tolerance for toxic...
    Mold Remediation
    By: Michael A. Pinto CSP, SMS, CMP, RTPE, FLS, ERS and Kendra Seymour
You must login or register in order to post a comment.

Report Abusive Comment

Manage My Account
  • eNewsletter
  • Online Registration
  • Subscription Customer Service
  • Manage My Preferences

More Videos

Popular Stories

Pop Art Female Superhero Punches a Masked Villain

TPAs vs. Independence: The Restoration Industry’s Own Version of the Cola Wars

RIA Carrier Advocate Mark Springer

Turning the Page: A New Era of Trust and Collaboration in Restoration

particle count hands-on demonstration of a HEPA filter

The Truth About HEPA Filters

Submit Your New Product/Technology to R&R!

Would you like to promote a new restoration, remediation or cleaning product/technology with Restoration & Remediation? Fill out the question below to start your submission:

Events

September 3, 2025

The Experience Convention and Trade Show

The Experience Convention & Trade Show logoJoin us in Las Vegas for The Experience Convention & Trade Show, the leading event for cleaning, restoration, and remediation pros, packed with hands-on demos, expert speakers, and high-impact networking. Happening September 3–5, 2025 at Caesars Forum—this is where the industry comes to learn, connect, and grow!

View All Submit An Event

Poll

Doffing PPE

When you are doffing your PPE, do you sanitize between every step?
View Results Poll Archive

Products

The Cleaning, Restoration, Inspection, and Safety Glossary

The Cleaning, Restoration, Inspection, and Safety Glossary

The Cleaning, Restoration, Inspection, and Safety Glossary.

See More Products
Prepare for CATASTROPHE with R&R!

Related Articles

  • The facts about sexual harassment claims and liability insurance coverage.

    Numbers Don't Lie: Do Your Insurance Policies Measure Up?

    See More
  • Contractor-Pollution-liability

    The #1 Question on Contractor Pollution Liability

    See More
  • Insurance trends

    Top 3 Insurance Trends of 2020

    See More

Related Products

See More Products
  • COVER pdf.jpg

    How to Get More Restoration Jobs in 14 Days... (ebook)

  • Cover.jpg

    How To Get More Water Damage Jobs (ebook)

  • secrets-of-insurance-game.jpg

    Secrets of the Insurance Game

See More Products
×

Stay ahead of the curve with our eNewsletters.

Get the latest industry updates tailored your way.

JOIN TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Directories
    • Store
    • Want More
    • Submit a Press Release
  • SIGN UP TODAY
    • Create Account
    • eNewsletters
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Reprints
    • Marketing Services
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing