wwe werestlers

Fighting the Goods Fight – Counterfeit Liability

World Wrestling Entertainment (WWE) has been involved in an interesting suit the year. Irritated by the amount of counterfeit swag that is sold outside of venues holding WWE matches, the company asked the courts if it could be “deputized” in order to seize counterfeit merchandise. The federal judge who first heard the case felt that, if the company wanted ex parte seizure rights, it would need to name the counterfeiters first before acting against them.

WWE argued that it couldn’t possibly know in advance who might be outside selling counterfeit WWE wares. However, since WWE doesn’t license third-party retailers to sell WWE merchandise outside of the venue, identifying the bootleggers would be easy. The saga came before the Fifth Circuit Court of Appeals, which believes WWE should get the relief they seek from counterfeiters, but was unsure about allowing WWE to carry out the seizure orders themselves.

Who enforces seizure, and how?

The case conjures up an interesting vision of wrestlers toppling card tables outside of stadiums and grabbing all the bootlegged merchandise they can get their hands on. The vision should frighten retailers a bit. Counterfeiting is a growing problem in the U.S., and companies who make the real thing are getting just as irritated as WWE.

Certainly non-licensed sports apparel and fake purses are the most visible counterfeit goods out there, but a whole host of products are making their way to consumers, from fish and olive oil to an entire chain of fake Apple stores in China, manufacturers and retailers alike are being undersold and undercut, and they’re unhappy.

The WWE ruling, however, could add a new layer of liability to the mess. What if you’re a retailer and it is discovered that you have a large cache of counterfeit goods in your store? Does the Fifth Circuit’s ruling mean that the license holder can walk into your establishment and pull the goods directly from your shelf?

It’s hard to tell. At this point, the WWE is tasked with going back to the drawing table to explain to the court how the company intends to seize the property without the help of authorities. Once WWE lawyers come up with a plan, it will be up to the court to make its final ruling.

What is your liability in a counterfeit scenario?

Depending on what type of goods you sell, you may certainly lose the cost of what you paid for counterfeit goods if you’re selling them. But you also have a responsibility to consider the serious health and safety concerns associated with selling counterfeit goods like baby formula, electronics, or medications.

The long-term impact of selling damaged goods could hurt your reputation and force you to suffer extended losses. You might also want to consider how the goods got into your store in the first place – was it from a shipment far away, or is the switch happening at your own back door due to organized crime or other criminal activity?

The International Trademark Association offers some good advice about counterfeiting, and you should work with your staff to establish best practices throughout your organization to avoid receiving counterfeit goods in the first place, and then work with your lawyers and insurance professionals to get a read on how much you are exposed to counterfeit operations.

If you find your level of exposure is high, but it’s difficult to find a policy that will cover you, consider forming an enterprise risk captive to maintain the level of coverage. Contact us if we can help you.

green goblin

Keeping the Liability Goblins at Bay

There have been a few law suits recently that looked more like hoaxes or stories you’d read in the Onion than actual liability cases.

Disappearing act

One such story involved Snapchat. If you’re unfamiliar with the technology, it’s an instant messaging feature used mainly by the younger generations for instant – and supposedly ephemeral –communications (the messages and/or images sent were supposed to disappear automatically and forever after they are opened and viewed.)

Earlier this year, Snapchat settled with the FTC, admitting that their claims of disappearing images were false, and also admitting that they were collecting data on users including location and contacts information. Like unsettled spirits, it seems, data and images never really go away, instead they turn up at the most inopportune moments to haunt you.

It gives you wings – or $10

In another suit, Red Bull customer Benjamin Careathers sued the energy drink manufacturer for false claims. Though it was widely reported that Careathers sued over the fact that he didn’t sprout wings, as per Red Bull’s tagline, “it gives you wings”, Careathers suit was more focused on the drink’s claims as a provider of energy. “Red Bull defendants prey upon consumers by promising that, among other things, ‘Red Bull gives you wings’ by providing a mixture of ingredients that, when ingested significantly improve a consumer’s physical and mental performance,” notes the lawsuit.

Instead of battling the suit in courts, Red Bull offered a settlement of $10 cash or $15 in product to any U.S. consumer who had purchased Red Bull since 2002. Doubtless, the marketing-savvy company is hoping the settlement will have wings of its own and turn into yet another promotional opportunity for the drink.

False claims can hurt you

False claims, even when they’re tongue-in-cheek, can be devastating to a company. There are false claims from countless health products – think of vitamins and herbal supplements that make unbelievable claims about weight loss – and there always seems to be a suit about a car company exaggerating its miles per gallon, Hyundai being among the most recent.

In addition to big consumer cases, however, even smaller businesses need to worry about making false claims on contracts. From employment contracts to sales contracts, an exaggeration might encourage a candidate to say “yes” to a job offer, or push a sale through, but later you might find out where the thin line is between “exaggeration” and “false claim”.

False Claims Act – the Lincoln Law

False claims have been a serious crime in the U.S. ever since the government enacted the False Claims Act during the Civil War to establish clear liability for anyone who “knowingly submitted false claims to the government.” The Justice Department has published an excellent primer on the act, which is known affectionately as the Lincoln Law, or FCA. During the past few years, there has been a surge in the number of false claims filed. The Association of Corporate Counsel notes that FCA suits “used to be a risk mostly confined to the medical and procurement industries, now communication companies, commercial lenders, energy providers, international trade companies, and entities in a variety of other nontraditional industries are routinely FCA targets.” Any company doing business with the government needs to be aware of their liability risk, urges the association.

Staying away from false claims

There are a few things you can do to protect yourself against commercial or government false claims lawsuits. First, make sure you have marketing and legal professionals on your team who understand intellectual property laws, contract law, and possess a certain degree of professional common sense. You don’t want to wind up passing every single line through legal, but you do want to know that members of your team will make solid, informed decisions about what you say in public advertising and official documents.

Be sure you’ve got good research from reputable firms. There are plenty of research firms out there that will give you the answer you want – so make sure you hire researchers that will give you the right answers.

You can never be 100 percent sure that every claim you make – or every tagline your ad agency writes – will be foolproof. Be sure you’re covered. Work with your insurance agent to make sure you have coverage for false claims lawsuits, particularly if your company holds any government contracts. If you feel you might be susceptible to frivolous suits, contact us to find out how enterprise risk captive insurance could help round out your coverage scenario.

Illustration of polar vortex

The Polar Vortex and your Business

Our offices are located in Denver, so throughout the winter, and even sometimes when it seems like it should be summer, we keep a close eye on what the forecasters are saying. We winced slightly at recent reports that promised more polar vortex this winter. Of course, it depends on who you listen to. The National Weather Service says vortex! The Old Farmer’s Almanac isn’t quite as frightening. But when it comes to long term predictions, we can be certain that weather will be the source of problems sometime over the next few years, it’s just a fact of life.

The economic impact of the polar vortex

CBS News reports that the economic impact of last year’s polar vortex could reach $5 billion. Lost productivity, increases in heating costs, and drops in consumer spending were some of the biggest financial hits, with flight cancellations smarting for the airline industry at $1.4 billion.

Bloomberg reported that freezing temperatures and snow put the freeze on earnings, as well, though the article also mused that companies like McDonald’s and General Motors might have been using the cold to put the big chill on rumors about their cooling performance.

The truth is, the weather – mild or freezing, snowy or clear– will impact each business differently. Here in Colorado, snow is good business for the ski resorts, and all of us celebrate using four wheel drive once the snow hits, but just a touch of the stuff in a town like Dallas or Atlanta can put an entire region out of business for days.

Bad weather can be the cause of work stoppages and property damage, business face a host of additional issues due to weather. For example, the polar vortex of 2014 put a huge strain on the energy sector. The North American Electric Reliability Corporation found that the polar vortex caused curtailments and interruptions of the fuel supply, making industry vulnerable. The supply chain at large was at risk, as transportation providers (water, land, and air) slowed down or stopped completely during storms and freezing weather. Extreme cold in regions where freezing temperatures are far from the norm caused frozen pipes and many related nuisance issues at factories and work sites.

You may need more than a shovel

A second polar vortex could upset U.S. GDP forecasts, warns the International Business Times. Have you considered what kind of impact another winter with sustained freezing temperatures could mean to your business, your industry, or your supply chain? Sit down with your team and consider some of the most important projects you’re working on over the winter months and decide if you should make any contingency plans. Consider any safety issues you might want to address from a facilities standpoint before the weather gets too cold, and pre-order essential parts or shipments that would put you out of business if you were without them for more than a day or two.

The lesson we should take from the polar vortex is being prepared can save you.

As you make preparations for the winter months, work with your broker to make sure your business, your facilities, and even your key executives are covered by the right kind of insurance. Winter storms take a toll on property, but can also keep your executives away from key meetings or other critical functions that can make or break deals. With the right kind of insurance in place, you can feel the assurance of good coverage, even when you’re covered in snow. Let us know if we can help you better understand how enterprise risk captives can help shape your insurance picture.

electronic heatlh records

Electronic Health Records and Liability

If you work in the healthcare business in any capacity, you’ve probably heard about the switch to Electronic Health Records (EHR) that requires healthcare providers to convert patients’ paper records into standardized, accessible electronic records by 2015 (see a full schedule for deadlines here.) This massive sea change in how patient records are made, kept, and stored, has been a long time coming, but now the conversion to this kind of record keeping is a mandate, so all healthcare providers need to comply with guidelines. You can read all about it on HealthIT.gov.

Doctors who have a small, one-person practice must comply in the same way major clinics do. The new EHR guidelines also require healthcare providers to pay attention to a wide range of privacy and security issues including wireless Internet security and access to Wi-Fi networks and all staff must keep records out of patients’ view, which is a bit tricky when files are now on computer screens instead of manila folders.

All of these new regulations lead to a whole new set of potential liabilities for healthcare providers and the companies that support them, and everyone involved is updating their insurance policies as they upgrade their systems.

Insurance issues connected to EHRs

The Insurance Journal cites a few academic papers that caution healthcare professionals about liability. From malpractice claims to privacy breach claims, providers are responsible for maintaining accurate records, and keeping them accessible to the right people and safe from the wrong people. Data breaches in healthcare are pervasive in the industry. The U.S. Department of Health and Human Services maintains a database of breaches affecting 500 or more individuals and the list reveals just how vulnerable these practices are to risk.

While liability will fall on the practices, it is easy to see how a chain of blame can ensue. A doctor’s office where a breach has happened might outsource management of their networks to an IT company that promises state of the art security features, and they, in turn, might contract their servers to a cloud hosting service. Technology has a long tail these days, and it’s hard to know where responsibility and blame begin and end.

Is your business ready for EHR?

Now is a good time to consider your insurance coverage when it comes to electronic health records and your liability. Many practices and facilities have upgraded and documented some of the problems they’ve experienced, and insurance brokers have had a chance to get caught up with the new and sometimes unusual coverage needs for clients in the healthcare industry.

Consider updating your coverage if you support healthcare facilities in some way. Many new regulations are in place, and all kinds of professional service providers should reconsider what their liability might be. From law and accounting firms that work directly with healthcare facilities to plumbers, electricians, and IT professionals who work on facility infrastructure and security, to doctors who practice at multiple facilities – so many people play a role in maintaining patient records and keeping them safe.

Contact your broker to talk about new issues with compliance and find out if there is additional coverage you should consider. If you find your risk is out of the ordinary or you can’t find coverage available on the commercial market, consider an enterprise risk captive as an alternative way to manage your risk.

chip technology for credit cards

Chip In – New Technology for Credit Cards Reduces Risk

A technology has been available since the mid-1990s that is proven to reduce credit card fraud by up to 67 percent (according to research reported by the Smart Card Alliance) in some countries. Until recently, the United States was the only country that hadn’t yet adopted EMV (an acronym of the technology’s creators, Europay, MasterCard and Visa) but it is finally being implemented here in the midst of data breach catastrophes and consumer wariness over payment security.

How EMV works

EMV-enabled credit cards – or smart cards – have in them an embedded microchip that can store data that can be encrypted and/or authenticated for heightened security. In order for the chip to work for the payer, the payee must have a smart card reader. There is much, much more to the technology, but the driving force behind the chip is enhanced security and privacy. Smart cards mean more reliable authentication on a network that offers more security than existing U.S. networks. Encryption available through the smart card system provides advanced protection from tampering, and the technology makes creating duplicate cards very difficult.

Smart card technology creates a single global payment security process for all participants – and when the U.S. finally and thoroughly adopts the system, all major global economies will be on board. The technology also encourages mobile contactless payments (you’ve probably noticed people paying with their phones at Starbucks or at the movies) which will push another wave of innovation and transformation for retail and other industries as we get used to using the technology.

How EMV alters the liability landscape

Credit card companies are pushing the adoption of EMV-enabled smart cards. In fact, major U.S. credit card issuers including American Express, MasterCard and Visa, have established a deadline for businesses to adopt the technology (October 15, 2015). If a business isn’t using the technology by the deadline, it will be liable for any fraud-related loss. For example, if you own a business and use a traditional swipe-only terminal for a chip-enabled card, and that card is fraudulent, the fault is yours.

EMV technology elevates safety, but it also puts a greater burden of responsibility on those who accept payments. In the U.S., more than $10 billion in transaction fraud takes place annually, and that number is sure to be on the rise this coming  year, with all the hacking that’s taken place recently.

While retailers typically make up a broad swath of the companies affected by credit card fraud, these new rules apply to any business that accepts credit card payments, from a small plumbing business to medical practices and law firms, and even non-profits. Everyone is affected.

What should you do?

The most important thing to do is get up to speed on the new technology. Resources like the National Retail Federation, Payments Source and even Costco have set up web pages and publications to help business owners make the transition to accepting EMV cards.

Installing the new systems is just one facet of accepting the payments, you’ll also need to train your staff on how to use the new technology, and help them understand how the system works.

Whether you own a mid-sized business or a huge operation it is important to consider how much exposure your business has to credit card fraud. Ascertain how much credit fraud you’ve experienced in the past, and consult some experts on how that fraud could increase over the next year, as well as the new risks you might face once the landscape of liability changes in October of 2015. Do everything you can to mitigate potential disasters, but also consider your insurance coverage for credit card fraud.

We’re happy to talk with you about coverage. Feel free to contact us if you’d like information on how forming an enterprise risk captive can help.

Is it time your captive had a checkup?

There has been some press lately about the IRS auditing enterprise risk captives. The IRS has definitely increased its scrutiny of captives over the last few months, and more than a few captives are currently experiencing audits.

For most enterprise risk captives, this shouldn’t be a problem. Certainly, it’s always stressful to have the auditors looking over your shoulder, but when they’re set up properly, enterprise risk captives operate like any other insurance business, under a series of well-defined laws and regulations that dictate exactly how they should operate. Uphold and maintain the spirit of captive, follow the letter of the laws, and you should pass an audit without any difficulty.

What happens in an audit?

One of the most critical aspects of the enterprise risk captive that the IRS is looking at involves the nature of the captive – is it a legitimate risk tool built for the purpose of insurance, or is it something else?

The IRS will also look at the kind of insurance coverage the captive provides to make sure the insurance is necessary to the business, and they’ll want to know about the integrity of the risk distribution that supports the captive. In short, they want to see a duck that looks like a duck, walks like a duck, and quacks like a duck. They’ll ask for all the paperwork, accounting support, and legal documents you’ve got, and they’ll probably give your accountants and lawyers a run for their money and yours for a few months.

Should you be worried?

At Intuitive, we spend a lot of time and energy in the discovery phase making sure that a business is right for a captive and that the captive is right for the business. Before we ever begin underwriting, we know that a captive is a good and viable option for the company we’re working with. We spend an equal amount of time and energy getting all of your ducks in a row when we’re setting up the captive. We’ll pull all the paperwork together, all the legal documents, and every bit of information a company might need if they were ever to be audited, and provide the company’s officers with all of this documentation (we keep a copy, too) and then we set about the task of keeping the documentation current quarter-over-quarter, year-over-year.

We also maintain a risk pool that is the best in its class. To get more information about it you can either give one of our partners a call, or read what they have to say about our management philosophy and our risk pool.

If you’re at all concerned about the status of your enterprise risk captives, please call us. We have professionals on staff who can evaluate your captive and provide you with feedback on how it’s been set up and maintained. We’ll do this free of charge and with no obligation. We want to help you avoid problems down the road, and start a conversation about best practices in the industry. A rising tide lifts all boats, we’re here if you need safe harbor.

Chicago skyline

Keeping an Eye on Tax Loopholes

John Stewart once quipped on his show, “Let’s say you’re the present governor of Illinois, and you’re in a room with a former governor of Illinois on your right, and a former governor of Illinois on your left…chances are, the room you’re in is jail.”

Recently, more than a few lawmakers and business owners in Illinois would have liked to put Gov. Pat Quinn in a holding cell after a minor change in the state’s laws that govern insurance taxation were slipped past the Illinois House and Senate.

The law in question, which was thought to be a small amendment to an existing law, creates a loophole that could apply state tax rates to payments to wholly owned captive insurance subsidiaries beginning in 2015 at a cost of almost $100 million a year to Illinois-based businesses like Boeing and United/Continental Holdings, according to Crain’s Chicago Business.

With all the best intentions

The original intention of the bill was to target the premium tax paid by brokers in Illinois who arrange surplus lines of insurance, but the language created the possibility that the state could look to captive holders for as much as 4.6 percent of tax on premiums. Here is a very good explanation of how the law is worded from InsideSalt.com.

A letter signed by all 47 of the republican members of the Illinois House demanded a resolution to the issue, but it’s not likely to happen before the tax could be imposed next year.

Should lawmakers have read the fine print prior to voting for the amendment? Possibly, but the administration should have been more forthcoming about the potential impact of the bill. Most agree that the impact to captive owners had never been raised in formal meetings about the bill, and it would have taken a keen-eyed staffer to identify the loophole.

Looking to 2015

Illinois lawmakers and businesses will continue to put pressure on Gov. Quinn to not sign the bill, but the case reminds us how important it is to keep current with laws that regulate the insurance industry.

We maintain a close watch on laws and regulations in each state that we serve, and keep up with federal regulations, too. This particular law in Illinois is a glaring example of what can happen when lawmakers are careless, but illustrates that even small alterations to existing rules and regulations can have a big impact on our clients.

We’re hopeful that the issue in Illinois will be cleared up, and that Gov. Quinn has better luck than some of his predecessor in the Governor’s seat in Illinois. In the meantime, contact us if we can help you with your enterprise risk captive.


employees travel abroad image

Business Travel Abroad

Is your company entering a new market? Are your employees going to a conference in an unusual destination? Making sure your employees are safe when they travel abroad can sometimes be as easy as making sure their passports are in order, but depending on where employees are going in the world, you may need to begin planning months in advance to get them there and back safely.

Resources for Americans Traveling Abroad

Before you purchase tickets, take a quick look at the State Department’s Bureau of Consular Affairs website to check your destination, read about passport restrictions (will your passport be valid from the time you leave through the time you return?) and find out about personal safety and health issues in the country or countries you’re visiting.

The site is a fantastic resource to anyone traveling, and it’s a very good idea for employees who aren’t used to international travel to really take a look at the site and understand some of the issues it brings up. For instance, you’ll need vaccinations if you are visiting certain countries, and some vaccinations require a full course of shots that can take a few weeks or even months, so be sure you understand these restrictions before booking a ticket. You will also want to check the political and safety situation in your destination country.

The state department site can help you locate help if you’re already abroad and something happens – you lose your passport, or get into trouble with local authorities. It’s a very good idea to know where the U.S. Embassy is when you’re traveling.

Employer responsibilities for traveling staff

When your staff or senior executives are traveling on behalf of your company, visit The Overseas Security Advisory Council (OSAC), an public-private venture that was created specifically as an extension of the U.S. Department of State to help U.S. private sector interests worldwide. The OSAC was launched in 1985 when CEOs from U.S. companies sought to promote a better relationship between the State Department and U.S. businesses abroad. Now, the agency has more than 4,700 companies and educational institutions as members. If you’re planning extensive travel, you can become a member, or you can use the site as a resource for news and events. If employees will be overseas for a while, particularly in countries where there could be unrest, it’s a good idea to be networked with other American institutions and government agencies.

Personal Security

Hiring a personal security guard or detail is sometimes recommended for staff travelling to countries where there is a great deal of political unrest and/or kidnapping.  It can be a difficult process to look for and find reliable companies, so it’s important to network with other companies with established businesses in the region, or get recommendations from reliable sources (Triple Canopy and Academi are two companies well known for protection services globally.)


There are a number of insurance issues you’ll need to take care of, even for a short trip abroad. Health insurance and travel insurance are a good idea for all travelers. But you also want to make sure your corporate policies provide coverage for a wide array of possibilities, from kidnapping to arrest, extortion, and even death of an employee or executive abroad. So many factors can impact any one of these unfortunate events, and you’ll need a lot of resources at your side quickly, including crisis management, if an employee gets into trouble in a foreign country. Be prepared.

If you’ll be doing business overseas regularly, consider updating your insurance policies, or even establishing an enterprise risk captive to cover the wide range of risks you and your employees face when traveling. Contact us if we can provide some assistance with planning.

captives and business growth

Risk Management Isn’t just for the Big Guys

Growing a business is tough. You get so mired in the day-to-day that you forget to stop, pull in some oxygen, and take a really good look at how far you’ve come. We meet with a lot of business owners who, once they set aside their worries and frustrations for a little while and take the time to really look at what they’ve accomplished, are surprised to see how much progress they’ve made.

Sometimes, I think it is human nature to forget that you’re growing, and with growth comes change. We meet with a lot of business owners who either underestimate their real value, or think that they’re not yet big enough to worry about risk management. “Risk management?” a client said, looking at me quizzically when I started talking with him about it, “That’s for the big guys, not me.”

But the truth is, as your business begins to mature, you really have to take a look at the amount of risk you’re self-insuring and find ways to cover that risk so that you can move the business forward. In fact, the people who fund you – the banks and investors, the shareholders – will want to know that you are managing risks appropriately, that you’re insured properly, and that you are thinking strategically about your assets, the amount of risk you’re taking on, and the way you manage that risk.

Benefits of risk management

Risk management isn’t just about buying more insurance. Certainly, there are a number of situations you want to be prepared for – liability issues of all kinds, including employment issues, product liability, property damage, even bank deposits. Risk management, when done appropriately, helps to insure you against the worst case scenario, providing a buffer if the worst happens.

But it’s not enough, sometimes, just to buy insurance. Depending on what type of business you’re in, you may not be able to get reasonable deductibles, leaving your business exposed to a loss that’s bigger than you’re comfortable with. You might not be able to purchase insurance on certain types of liability at all. Consider flood insurance in lowlands areas, or kidnapping insurance for executives who are working to build your company’s profile globally.

Proper risk management will help your company absorb the costs of the worst happening. Your business will also have the benefits of lower overall insurance costs and a better financial structure during good times – and bad – to support long-term growth.

Risk management strategies

Reconsider the idea of risk for your business and reframe the idea with a series of buffers that are available to you – the smart people you’re hiring to move the company forward, the support you have from investors and board members, and the financial mechanisms that are in place to carry you over the rough patches.

Meet with your insurance broker regularly to go over updates and changes your company is going through and find out how your broker can help you reconsider your insurance in the same way that your bankers and brokers help you grow your investments. Updating policies, purchasing new policies, and restructuring payments are all ways to responsibly manage risk. When you reach a point where insurance is difficult to buy for a certain type of coverage, or where the deductibles are prohibitively high, your broker may suggest an enterprise risk captive. Once thought of as a tool for “the big guys”, captives are now much more accessible to – and right-sized for – mid-sized companies. With a captive, you can zone in on risk planning that you need to do for your company, and insure those risks that are difficult to find policies for on the open market. We work closely with your company to underwrite, manage, and meet all state and federal regulatory and tax guidelines associated with the captive, so that you can feel confident that the captive is working efficiently for your company.

If you’d like to consider a captive, talk with your broker, or contact us to find out more about how captives work. I promise, they’re not just for the big guys.

Thousands of Businesses Susceptible to the Backoff Virus

The Secret Service and the Department of Homeland Security recently warned more than 1,000 retailers that they were probably being hacked with the same malware that hit Target last year. The Chicago Tribune reports that the “Backoff” virus was more widespread than initially thought. The virus, which scrapes credit card data at the point-of-sale, is difficult for retailers to detect and many businesses aren’t yet able to monitor for it.

The DHS is urging retailers to get in touch with their anti-virus vendors in order to get the right systems into place as soon as possible, and recommends additional measures, such as implementing systems to ensure consumer and credit card data are always encrypted wherever the data lives on the network.

Industry-wide challenges

Cyber security will continue to be a serious issue for retailers large and small. Groups like the National Retail Federation (NRF) and the Retail Industry Leaders Association (RILA) have put together large consortiums, think tanks, and initiatives to pool information and resources to get effective solutions out to retailers as quickly as possible.

The NRF’s information sharing platform, and RILA’s Cybersecurity and Data Privacy Initiative are good resources for retailers who need more information on what they can do to protect their data and their customers’ data. RILA’s initiative seeks to strengthen overall cybersecurity, improve payment security, and address consumer privacy issues. Both programs are big and far-reaching, but fighting hackers requires quick and nimble action.

As the industry searches for and develops new methods for security, retailers will have to find new ways to ensure the safety of their transactions and data. Retailers might want to take some advice directly from Target – in his testimony before the Senate Committee on Commerce, Science & Transportation in March, 2014, John Mulligan, executive vice president and chief financial officer for Target, reviewed some of the actions Target was taking to ensure the safety of customer records. Target is currently:

  • Reviewing security across its network, segmenting and separating key portions of the network by using firewalls and limiting unauthorized traffic.
  • Strengthening anti-virus tools and whitelisting, or limiting the type of transactions that can run on a Target cash register.
  • Initiating stricter authentication on the networks that Target uses, upgrading to two-factor authentication for entry into the system.

Target was also the first retailer to join the Financial Services Information Sharing and Analysis Center, and is changing over to chip technology for its payment system.

Solutions for retailers of all sizes

Keeping your organization safe from hackers is a massive undertaking. From your servers down to every cash register in every store, it’s expensive, time-consuming, and ever-changing, requiring constant vigilance. And, as Mr. Mulligan pointed out, even if your company is certified as being compliant with the more than 300 independent items in a Payment Card Industry Data Security Standards assessment – as Target was – you are still susceptible to widespread hacking.

Consider the exposure you have if your cash registers are hacked, or your servers breached. Are you insured for these breaches. Does your policy even cover hacking and cyber crimes under their current definitions? Review your coverage with your agent, and understand what types of liabilities are covered – will your policy cover reimbursement for every customer who was affected by the breach? The lawsuits filed against you by customers? The lawyers you’ll have to hire, and the consultants you’ll need to on-board to fix the problems?

If you feel like your coverage isn’t enough, consider an enterprise risk captive – feel free to contact us if we can provide more information for you. A captive can help cover your company in the case of cyber crimes, or it can assist you with the high deductibles you may have with your current commercial policy.