Commercial Insurance Update – Protecting Your Electronic Assets

please click here for the original pdf

August 2003

Protecting Your Electronic Assets

Almost every business depends on the uninterrupted operation of a wide variety of sensitive and complex electronic data processing (EDP) equipment. For many firms, other than their employees, their EDP property is their most valuable asset.

Stop and think for a moment. What would you do tomorrow if you came in, and your entire computer system had crashed or been destroyed? Everything was gone, and you didn’t have an adequate backup. What would you do, what would be the impact on your business, and for how long?

Unfortunately, EDP equipment is not only subject to the basic perils facing most other equipment, such as fire or water damage and theft, but also faces additional exposures for such risk as:

” Electrical or magnetic injury caused by artificially generated electrical current

” Off-premises utility service interruption

” Faulty or defective design and workmanship

” Changes in or extremes of temperature and humidity

” Dishonest or criminal acts by employees and outsiders (computer-related fraud)

” Mechanical breakdown

In addition, programs or data, if damaged or destroyed, can be extremely difficult, if not impossible, to reproduce. Certainly you can buy the “off the shelf” program, but what about the data? What if there were no backup? Or if your backup didn’t work? Could you reproduce it? If you could not, what impact would that have on your business?

One response might be, “Well, don’t I have insurance for this?” The answer is “Maybe, maybe not.” Most standard commercial property policies cove r data processing equipment, but they may not extend to some of the perils that electronic data equipment is susceptible to, such as mechanical breakdown and electrical arcing as well as power outages, power surges or power spikes.

“But my computer equipment is covered by a warranty, ” you might add. Typically, warranties don’t cover hardware failures unless caused by defects of materials or workmanship, and they typically only cover the equipment, not loss or damage to data due to electrical injury or operator error or misuse, or any loss of income from a systems breakdown.

Insurance should be your last resort. Candidly, if you have to use your insurance in the case of damage to your electronic data property, you’ve already lost. By far, the best thing you can do is to manage this exposure to avoid, if at all possible, a loss to begin with. So how do you go about this?

Following are some steps you should consider:

1. Make certain that compatible EDP equipment is available in an emergency. Have you arranged for alternative facilities or systems to continue your EDP operations?

2. Make certain that all your computers as well as your data, fax and phone lines are connected to an uninterruptible power supply (UPS) with built-in data saving and power management software. Make sure you regularly test each UPS in order to avoid a weak or worn-out battery.

3. Make certain you have a central station burglar and fire alarm or fire suppression system.

4. If you do business on the World Wide Web, or do hosting on your server, make sure that you have appropriate firewalls with the latest updates to prevent outside access to your network.

5. Make sure your laptops containing sensitive data have the data encrypted (if the laptop is stolen, the data cannot be accessed).

6. Do all your Web servers and your desktops for that matter, have the latest anti-virus patches installed? Are they updated continuously?

7. Do you conduct full-system backups of all your electronic records on a regular basis, preferably daily, but no less than weekly? This includes original data that is not readily available from licensed software vendors.

8. Are your backups stored away from your premises? (See “Off-Site Backups”).

9. How long would it take you to reconstruct unduplicated data? Do you have an established time for recovery?

10. Do you use, store or archive media and data belonging to others? If so, are you contractually responsible for returning it to them? Do you require them to have backups of the data you store?

11. Do you have a record of the serial numbers of your electronic equipment, and do you engrave all electronic equipment with permanent identification numbers?

12. Do you provide for a carbon dioxide fire extinguisher that is annually inspected and located near your mission critical electronic equipment?

13. Do you take advantage of an “uninstaller” program to undo a problem software installation to restore your system to some previously known state of functionality?

14. Do you check for intruders, monitoring your network traffic logs?

To reiterate, you should not treat insurance as a substitute for loss prevention. You are far better off managing this type of exposure than relying on insurance. In a nutshell, you should take regular backups of your programs and data off premises, and make certain that you have a written business continuation plan that you can follow in the event of a catastrophe.

Insuring Your EDP Equipment

Despite your best efforts, you can still suffer an EDP loss. In the event of such damage, a well-written insurance program is imperative.

Computer hardware coverage is often written combined with other business personal property. However, computer hardware is susceptible to perils that most business personal property is not, including electrical arcing, mechanical breakdown, and power or current fluctuations. Therefore, ideally, electronic data processing coverage is written on a stand-alone form designed specifically for electronics, or the business personal property policy is endorsed to cover these additional perils. Regardlessof which approach is taken, you should make certain that the following perils are considered:

” Mechanical breakdown

” Short circuit, blowout or electrical disturbance

” Electrical or magnetic injury, disturbance, or erasure

” Utility service interruption, power surge, power spike, and power failure

” Changes in or extremes of temperature or humidity

” Programming errors or software glitches

” Design errors or faulty materials/construction

” Virus or vandalism damage

Ideally, the business interruption and extra expense coverages are incorporated into the master program for the business. Regardless, these coverages need to be endorsed to pick up the exposures mentioned above. If they are not, you could suffer damage from one of the exposures and have coverage for your EDP equipment but no business interruption coverage.

Do you have personal property of others in your care, custody or control? Does your policy extend to cover this type of property? If so, have you taken this into consideration in setting your valuation?

Are your laptops covered away from the premises? Are they covered world-wide?

Valuation

Hardware – Ideally, hardware is valued at the cost to repair or replace the damaged equipment with like kind or quality. Recognize that some EDP equipment is obsolete. Will your coverage allow this type of equipment to be replaced with a current, state of the art unit? Don’t forget to figure in the cost of installing the equipment as well. Cabling and networking can be quite expensive.

Media and Data – The unendorsed business personal property form only covers the media and data for its blank value. In most cases, however, the actual data itself is the most important and the most difficult to reproduce. Make certain you have adequate coverage to pick up the cost of a programmer to reproduce the data to the extent that it can be recreated.

As mentioned earlier in this article, you are far better off having off-site backups of all your programs and your data to rely on instead of trying to recreate them yourself.

Conclusion

Most business are heavily, if not totally, dependent upon their computer systems. Being without those systems for even one or two days would cause a major interruption in their operations, if not a total cessation.

This is an exposure that lends itself to being managed. Certain steps can be taken to lessen the chance of an electronic data processing loss. In addition, appropriate insurance can be purchased to help finance any losses that do occur.#

 

Off-Site Backups

Many of our clients are comfortable with the fact that they keep their backed up software in a fireproof safe. This is fine, but what if you can’t get to it?

On September 11, 2001, a number of businesses in New York were near Ground Zero. Their buildings weren’t destroyed, but they were damaged. In some cases, it was up to 30 days before the New York Building Department determined that the buildings were safe to reenter.

During that time, had you been one of those businesses, you might have stored a backup in a fireproof safe on the premises. Although it would have been undamaged, you would have been unable to retrieve it, so it would have essentially been useless. This underscores the need for offsite backups.#

Disclaimer: This article is written from an insurance perspective and is meant to be used for informational purposes only. It is not the intent of this article to provide legal advice, or advice for any specific fact, situation or circumstance. Contact legal counsel for specific advice.

Patrick Casinelli Wins Second Place in World Bodysurfing Championships

Patrick Casinelli, head of Cavignac & Associates’ Employee Benefits Department, won second place in the 35-44 year old age division at the World Bodysurfing Championships held in Oceanside the weekend of August 16-17, 2003. Contestants are judged on how long they ride a wave, how many and what types of moves are made, and how these are executed.

Bodysurfers from as far away as Australia, Brazil, Hawaii and New Zealand compete in the championships.

“It’s a long way for them to come for a weekend of bodysurfing. We get a whole group from Hawaii, including my brother, Tim,”Patrick added. “It’s amateur, so you win a trophy and goodies from area businesses that support the contest. Good bodysurfers come every year.”

Bodysurfing is a family affair for the Casinellis. Patrick’s father, Mike Casinelli, a teacher and lifeguard, placed third in the 1998 championship finals, a year before he died from cancer. “We grew up in Leucadia,” Patrick said. “We surfed, bodysurfed, went skin-diving, and swam just about every day — my dad was great; he taught us everything.”

Patrick’s brother, Tim Casinelli, who has won three grand championships in the event as well as most of his age group’s first place awards in the same age division, again won first for his age division and first place overall for men in the competition.

Patrick and Tim bodysurf in the same age division nine years out of ten. “Tim and I are one year apart, so every 10 years I get a break from him. He’s 36. I won’t get a break until I’m 45 and he’s 44. He’s really the best, but I keep trying to beat him,” Patrick explained. “I’ve made it to the finals 16 times, and I look forward to competing with the best bodysurfers in the world every year. I’d really like to win, but if I have to lose, it’s pretty neat to lose to my brother.”#

Cavignac & Associates INSURANCE BROKERS

Visit our website!

! Insurance information & applications

! Certificate requests on-line

! Bond requests on-line

! Prior publications and MORE!

www.cavignac.com