A manager of a facility accidentally clicks on a malware link embedded in a fraudulent e-mail (phishing); a third-party hacker penetrates the company’s data network (ransomware); an employee sends funds to pay an invoice that appears to come from an authorized e-mail address or from the company’s bank or personal banker (wire fraud); a terminated employee steals credit card information from the facility’s customers on the way out the door (criminal theft).
What would your business do if any of these scenarios occurred and tenant records were stolen or your access to business data was blocked? How would your company handle the cost to recover the data, repair your IT system, pay for the required customer notifications and identity theft protection, and manage the cost of the interruption to your business? Any business that fails to recognize these risks and prepare for them may find itself financially crippled by such events. One of the ways to address the exposure to these potential risks is by obtaining cyber liability insurance. Today, this coverage is as vital as a self-storage facility’s sale and disposal insurance. But like sale and disposal insurance, sufficient cyber and data theft insurance coverage is not typically included in a general liability policy. Instead, operators need to consider their risks, underwrite their exposure and obtain the needed coverage for their business.
A proper cyber liability and data theft insurance policy would include the following protections: 1 - providing a response team to assist the business after an incident (including a forensic specialist to locate the site of the breach, the suspected malware, or the independent cause of the loss); 2 - paying the costs necessary to recover the lost data, including paying the ransom demanded for the return of the data, if necessary; 3 - providing the logistical support and cost reimbursement for the required customer and credit bureau notifications (and identity theft protections); and 4 - reimbursing the costs associated with the interruption suffered by your business while dealing with the breach.
Self-storage operations are not immune from these real-life threats. Even a business that makes every effort to protect its data is not immune from third party criminal activity. A good cyber liability policy includes not only first party coverage to protect your business, but third-party coverage to protect the costs incurred by your customers and their businesses and personal lives.
The next time you review your insurance coverage, be sure to double check what you are now carrying for the risk of cyber liability and data breach protection. You may be surprised what coverages you have or don’t have.
This article was originally published in Self Storage Legal Monthly Minute by Scott Zucker, June 2023
Scott Zucker is a founding partner in the Atlanta law firm of Weissmann Zucker Euster Morochnik & Garber P.C. and has been practicing law since 1987. Scott represents self-storage owners and managers throughout the country on legal matters including property development, facility construction, lease preparation, employment policies and tenant claims defense. He also provides, on a consulting basis, advice to self-storage companies in the areas of foreclosure and lien sales, premises liability and loss control safeguards. Scott can be reached at 404-364-4626 or by e-mail at Scott@wzlegal.com.
