Customer Relationship Management and Cyber-Insurance
A customer relationship management system needs security, but beyond that, it needs insurance. There are a couple of options available for companies looking for cyber-insurance. A customer relationship management application database may contain information about tens of thousands--or hundreds of thousands--of individuals. Because enormous assets imply enormous risks, security should be addressed.
CRM: Beyond Security
Of course, nothing substitutes for high standards of database security. But the wise manager should insure his organization against the various hazards that threaten his CRM assets. However, most insurance policies do not provide coverage for this exposure. Indeed, as insurers are confronted with cyber-disasters, they respond with exclusions. Managers need to consider cyber-insurance, which provides coverage against systems disaster.
Customer Relationship Management: Cyber-Insurance
One of the benefits of cyber-insurance is that it allows risks to be distributed fairly: companies at high-risk to a cyber-catastrophe pay higher premiums than others. What's more, it requires companies to adopt best practices in cyber-security. Thus, the requirements of the insurer become the de-facto industry standards. Insurance imposes a sort of self-regulation, preferable to government regulation because cyber-security evolves rapidly.
CRM Insurance: The Options
Gordon Blumberg of Casswood Insurance, specializes in cyber-insurance. He divides cyber-coverage into two areas: "first party" coverage agreements and "third party" coverage agreements. First party agreements cover the following areas related to CRM applications:
Network Extortion Coverage.
This coverage reimburses the insured company for payments made in the event of extortion. It's meant to prevent loss of the CRM network or damage to it.
Business Interruption and Extra Expense Coverage.
This insurance covers loss income due to a slowdown--or even a shutdown--resulting from a disaster. These policies might be written on either an agreed-upon value per hour basis or on an actual loss sustained basis. They usually have a waiting period of 12-to-24 hours, and they may have a dollar deductible. Emergency Response Fund Coverage. This insurance allows the insured company to hire consultants to minimize the damage resulting from a hacking attack or other malicious intrusion to the CRM system. It also covers the preserving of forensic evidence used to identify the hacker or other intruder. This section generally carries a sub-limit--between $100,000 and $200,000. Third party insurance covers a company in the event of a claim made by another. A company may be liable for a security breach on its own system or on a provider's system. Fortunately, there are policies available in the area of privacy and network security as well.
|
|
|
