Caution is often the reaction I get when discussing Cyber Insurance to construction executives in Wisconsin. From their perspective it would be a nice policy to have should the North Koreans focus their slave hacking force on a plumber in Sheboygan. The resulting ransom of 200 bitcoin for their $200 laptop seems a laughable prospect to a field that generally isn’t tech reliant. The truth, however, is that contractors are a growing target for hackers, but fear isn’t the only reason for a contractor to have Cyber Insurance.
So is greed.
Newly mandated contracts are forcing the conversation of Cyber Insurance between owners and contractors. On October 31, 2018 the American Institute of Architects (AIA) requires the use of their new 2017-revised agreement documents and to toss the old 2007 versions. Among the most standard forms are basic contract agreement between owners and contractors: A101, A102, and A103. All three of those forms have a new section dedicated to Cyber Insurance.
The relevant language begins in the from at section A.2.5.1. This segment encourages the owner to purchase Cyber Security Insurance for any loss or data breach should such an event happen on the job. This represents an opportunity for a contractor to sell the fact that they have 3rd party Cyber Insurance and can cover such a breach. Alternatively this could be a threat should the contractor have no Cyber Insurance and potentially lose out on a bid to a competitor who has said coverage.
Why was Cyber Insurance language inserted in this part of the contract? The AIA believes there is a growing threat of electronic data loss to owners after several real world examples surfaced where negligent contractors were at fault.
In 2013 an HVAC contractor in Pennsylvania was working at a Target retail store. An employee of the HVAC contractor opened a virus laced email. This email stole the identification and password of the contractor and was able to infiltrate Target’s vendor portal. From there the criminals were able to gain access to Target’s internal network. The result was the 5th largest cyber-attack in history and 70 million compromised credit cards.
Beyond encouraging owners to attain Cyber Insurance, Forms A101-3 present easy opportunities for owners to require Cyber Insurance from contractors. Further along in the contracts (section A.22.214.171.124) the owner is given a segment to fill in additional coverages a contractors is required to possess on the job. In the real world we are starting to see contracts requiring a Cyber policy– often with high limits too.
More than just a threat, Cyber Insurance represents an opportunity for contractors. Having a policy ahead of a big job not only protects your company in case of a breach, but also gives the sales or marketing department extra ammunition to make the winning offer.Not all Cyber policies are the same. There is a major difference between a first and third party coverage. Contact an agent to work out the best Cyber policy for your business.