Protecting your inventory from crime, fire, natural disasters, and shipping-related risks with a jewelers block insurance policy is a must.
Unfortunately, many jewelers fail to recognize other risks, which includes extremely large expenses stemming from liability-related costs.
While some jewelers know that employment practice lawsuits and appraisal liability claims are a possibility, an even smaller percentage are aware of what may be the most concerning threat of our time: cyber crime.
Cybercriminals aren't just stereotypical hackers who are geniuses when it comes to computer networks. More and more data breaches are resulting from social engineering schemes, such as spear phishing emails.
In fact, the 2017 Cybercrime Report by Cybersecurity Ventures states that 91% of sophisticated attacks begin when targeted individuals voluntarily disclose sensitive information.
The most alarming statistic for the jewelry industry is the proportion of victims when categorized in terms of size. According to Verizon's 2018 Data Breach Investigations Report, 58% of breaches involve small businesses.
If there's any good news, it's that you can protect your business with cyber liability coverage. Jewelers Mutual's product can be added to a Businessowners Policy and covers first-party losses — such as loss of money incurred due to financial fraud — and liability claims where there's a duty to defend lawsuit or regulatory penalties are incurred.
Learn more about examples provided by NAS Insurance Services* of how jewelers could be impacted and how cyber liability insurance can help manage risk:
Privacy Breach Response
Highlights
In addition to covering privacy breach response costs, this coverage also includes notification expenses and breach support credit monitoring expenses.
Scenario
A network programming error caused the customer information of a mid-sized chain of jewelry stores to become publicly visible on the internet.
Approximately 8,700 customers were affected by the breach.
RELATED: Equifax breach to cost total of $439M
Insurance covered the breach response costs, including customer notification costs, IT forensic expense, legal fees, and public restoration expenses, all totaling more than $125,000.
Network Asset Protection
Highlights
Coverage for income loss, interruption expenses, and data recovery costs incurred due to a variety of causes, from accidental damage of electronic media to cyber attacks.
Scenario
A high-end watch retailer was the victim of ransomware carried out by a hacker who entered the retailer's computer system through a vulnerability in the network.
The malware installed by the hacker immediately encrypted data stored on the system, including accounting, payroll, sales receipts, and vendor records. The hacker demanded payment to unlock the data. The retailer could not process orders or shipments or otherwise maintain normal business operations while attempts to resolve the incident were underway.
RELATED: Ransomware protection for jewelers: Prevention and response tips
Insurance covered the retailer's income loss of $15,000 resulting from the business interruption.
Cyber Extortion
Highlights
Coverage for extortion expenses incurred and extortion monies paid as a direct result of a credible cyber extortion threat, including ransomware.
Scenario
The owner of a jewelry repair store downloaded an e-mail attachment that appeared to be from his bookkeeper.
The attachment contained ransomware which, when downloaded, immediately encrypted files stored on his computer, including accounting and payroll records. when the owner tried to access a file, a message appeared on the computer screen demanding a ransom payment in Bitcoin to receive a decryption key.
With the help of an IT expert and legal counsel, the threat was determined to be credible, and the ransom was paid.
Insurance covered $10,000 in total damages for the ransom payment, IT fees and legal expenses.
BrandGuard
Highlights
Coverage for loss of net profit incurred as a direct result of an adverse media report or breach notification following a security or privacy breach.
Scenario
After reporting a data breach to state officials, a retail store was featured in a series of news reports concerning data breaches impacting local businesses.
One such report accounted the specific details of the breach experienced by the store and its response to the incident. The news report aired at the start of the holiday season. The store experienced a significant downturn in business due to the news reports.
Insurance reimbursed the store for the demonstrated loss of net profit resulting from the adverse media reports.
Cyber Crime
Highlights
Coverage for losses incurred due to:
- wire transfer fraud
- fraudulent use of an insured telephone system
- phishing schemes that impersonate your brand, products or services, including the costs of reimbursing your customers for losses they sustain as a result of such phishing schemes
Scenario
A jeweler received an e-mail from a supplier requesting that a payment in the amount of $58,450 be sent via wire transfer. After wiring the funds, the jeweler discovered that the wire transfer request was not legitimate; she has received a "spoof" e-mail, sent by a hacker posing as the supplier.
The jeweler's bank refused to return the funds because all wire transfer protocols were followed, and the wire appeared to be legitimate.
RELATED: 8 tips to keep emails safe at your jewelry business
Insurance covered $10,000 of the fraudulent wire transfer.
Multimedia Liability
Highlights
Coverage for claims alleging liability resulting from the dissemination of online or offline media material, including claims alleging copyright/trademark infringement, libel/slander, plagiarism, or personal injury.
Scenario
A jewelry store owner received a "cease and desist" demand letter alleging copyright infringement after the owner pulled an image from a Google Images web search and used it on the store's website and online promotional material.
The copyright holder of the image was able to locate the website and promotional material and subsequently demanded removal of the image and compensatory damages.
RELATED: Is this copyright infringement? What images you can & can't share [Infographic]
Insurance covered the costs to defend the claim and compensatory damages
Security & Privacy Liability
Highlights
Coverage for claims alleging liability resulting from a security breach or privacy breach, including claims alleging failure to safeguard personal information.
Scenario
A jeweler completed the appraisal on a customer's collection of diamond jewelry and had her store manager email it the customer.
A few days later, the customer called and stated that she never received the completed appraisal, which alerted the store manager that the appraisal had been inadvertently sent to the wrong email address.
The appraisal contained personally identifiable information (PII). The customer filed a lawsuit against the jeweler for negligence and failure to safeguard confidential information.
RELATED: Guidance on the protection of personal identifiable information
Insurance covered defense costs and damages associated with the lawsuit.
Privacy Regulatory Defense & Penalties
Highlights
Coverage for regulatory fines and penalties and regulatory compensatory awards incurred in privacy regulatory proceedings/investigations brought by federal, state, or local governmental agencies.
Scenario
A national jewelry store chain discovered malware operating on point-of-sale (POS) devices at several of its locations. The malware was designed to access payment card data, including customer names and card numbers, from cards used the POS devices.
The jewelry store chain disclosed the breach in a press release, and a customer affected by the breach subsequently filed a consumer complaint with the Federal Trade Commission (FTC). The FTC investigated and found that a lack of technical safeguards contributed to the theft of credit card data. The FTC ordered payment of civil fines and penalties for unfair data security practices.
RELATED: Free tools to protect your business from cyber attacks
Insurance paid for the defense costs and fines and penalties incurred in the FTC investigation.
PCI DSS Assessment
Highlights
Coverage for assessments, fines, or penalties imposed by banks or credit card companies due to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) or payment card company rules.
Scenario
A security breach of a jewelry store's card reader system resulted in the exposure of credit card data of over 2,000 cardholders.
An investigation of the security breach determined that customers' credit card data had been 'skimmed' off the compromised system by criminals to be sold on the black market, and the store failed to maintain the required data security controls under the PCI DSS.
RELATED: How to spot and avoid credit card skimmers
The acquiring bank imposed fines and assessments in the amount of $380,000 against the store for failing to comply with PCI DSS. Insurance covered the PCI DSS fines and assessment.
Learn More About Keeping Your Jewelry Store Safe
Want to learn more on how you can keep your jewelry store safe 24/7? Read our comprehensive Jeweler Security Guide by clicking the button below.
*The scenarios used are examples of the types of claims and associated costs commonly seen and do not represent a comprehensive explanation of any one particular claim. While the subject coverage is designed to address certain risks and associated costs, coverage may not be available in all circumstances. Each reported claim will be evaluated on a case-by-case basis. The actual policy or endorsement language should be referenced to determine coverage applicability and availability.
** Any coverage description are a brief summary of coverage and are not part of any of the described insurance policies, nor a substitute for the actual policy language. Not all coverage is available in all U.S. states and Canada.