The role of insurance in mitigating compliance risks

Oct 14 | 2015

Every company in the world that provides business-to-business services is now having to consider risk and compliance management as part of its business offering. By Paul Norris, Broking Manager, Reason Global Insurance.

Data security is an important part of compliance and the international moving business is particularly vulnerable to breaches as personal information (such as copy passports, National Insurance numbers, etc.) is exchanged as a necessary part of the process.  If the worst happens, does your company insurance provide any protection to you, your customers or their assignees?  If not, it should.

The general term ‘compliance’ includes the requirement for companies to operate within regional regulations such as the UK Bribery Act of 2010 and the US Foreign Corrupt Policies Act; to comply with all contractual obligations; and to behave in a way that develops trust between the company and its customers.  What’s more, it also requires companies to take responsibility for the whole supply chain.  It’s a tough challenge, many say an impossible one, and even the most vigilant company lives in fear of a breach that can prove devastating for themselves and their customers.

Data security too is an important part of compliance, with companies being required to ensure that all personal information held on behalf of clients is kept safe. However, with the level of cyber attacks increasing, the chances of any company being hit are significant. If a breach occurs, the costs, direct and indirect, can be crippling. New EU regulations in 2016 will require businesses to comply with more onerous rules around notification to the Information Commissioner’s Office, explicit consent to hold and process data, and the right to be forgotten. Breaches could result in significant fines of up to 2% of their turnover.

A report from the UK government and Marsh [UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk (March 2015)], for example, estimates that 81% of large UK companies and 60% of small businesses suffered a cyber-security breach in 2014. Official figures also estimate the cost of theft of customer data at £1bn.  A survey by Price Waterhouse Cooper carried out in 2012 found that 72% of small businesses reported staff misuse of e-mail or the Internet and the unauthorised access of files resulting in a Data Protection Act breach, misuse or leakage of confidential information.

This is not just a local problem for the moving company concerned. A high proportion of international relocations are performed on behalf of employees of multi-national companies and are controlled through relocation management companies (RMCs). These large customers rely absolutely on their reputations and any small slip will be exploited by a controversy-hungry media. Similarly, the RMCs need to demonstrate to their clients that they deal with compliance transgressors harshly. A data protection breach would easily be enough to lose a moving company its contract with a major corporation that will take a ‘zero tolerance’ approach.

Insurance cover cannot prevent a breach but it could just keep a mover in business should a breach occur.  It might even give a corporate client some comfort that the mover takes the whole compliance issue seriously and, therefore, become a powerful part of the sales proposition.

It’s fair to say, however, that cyber-risks insurance is an emerging market.  With this in mind many policies do not include it.  So it makes sense for movers to work with their brokers to develop cover that is appropriate for their individual businesses.  This could include, for example, cover for system damage, business interruption, theft of money, cyber extortion, reputational damage, etc. and also claims by third parties, possibly the client or the RMC, following a security breach. These could include the cost of meeting claims for the loss of confidential data under the Data Protection Act and regulatory investigations caused by hacking, etc.

If a breach occurs the response from the insurance company will be to provide a range of services to protect the business and minimise the detrimental effects.  These can include: the employment of public relations, crisis management, forensic and speciality services; financial compensation; the cost of replacing equipment and recovering information; business interruption costs; fines imposed by government or the public authority regulator; costs of notifying the data protection authorities of the breach; and the payment of extortion fees with associated negotiation, handling, contracting and delivery of monies.

If a corporate client has a ‘zero tolerance’ policy, any data breach is likely to result in a serious penalty or loss of the contract for the mover.  That in itself is bad enough but there’s no need for it to bring the company down too.  Appropriate insurance can help a business survive what will undoubtedly be a very rocky time, allow it to ride the storm, and help protect customers too.

Reason Global Insurance is Lloyd's of London's only specialist insurance broker solely dedicated to moving, self storage and relocation.

Photo: Companies face increasing risk of cyber attack.

