You are about to leave Risk Strategies website and view the content of an external website.
You are leaving risk-strategies.com
By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.
After a year of masks, social distancing, temperature checks, and now vaccine status checks, we are wading into a post-COVID life that brings new risks and fresh twists on established problems. As insurance brokers and risk advisors, our job is to see around corners and sniff out exposures. Post-COVID life has two areas where we see major risks that will increase in significance as the pandemic wears on. First, as activity migrates online, and organizations collect more personal data, there is an increasing cybercrime risk. Second, business and non-profit leaders are going to be challenged along privacy, equal opportunity, workplace safety, and public health grounds, following all of the COIVD-19 public health changes.
While we are a long way from understanding and addressing all of these issues, they carry financial consequences. Insurance should play an important role in protecting your organization from the mounting financial risk. The cost to respond to cybercrime is significant. The cost of litigation, even if only to defend good choices, is significant. Cyber insurance is necessary for any business. It is affordable and easy to put into place. Directors and Officers (D&O) and Employment Practices Liability (EPL) policies will protect an organization from litigation brought by employees, shareholders, boards of directors, partners, banks and regulatory authorities.
Data Security & Cyber Risk
Cybercrime is expanding, becoming both more pervasive and more sophisticated. It is also targeting the art world. Press around high dollar transactions by wealthy and famous clientele has put a target on the back of dealers, museums, foundations and even artists. Given present art valuations and the informal conventions of business, cyber criminals have launched sophisticated social engineering schemes.
Coupled with an explosion in online sales channels and you have a potent new exposure that warrants immediate attention. Working from laptops, the art world remotely migrated vast troves of client data, HR records, price lists, mailing lists, and other sensitive information to the cloud. Much of the shift online was done with little consideration for data security.
Cyber insurance is more important now than ever. It covers forensics and legal compliance. It covers ransomware and social engineering. Importantly, it also includes access to an experienced breach response team. Following a cyber-attack, most organizations lack the experience and resources to quickly get back up and running.
Duty Of Care
Organizations are responsible for maintaining a safe environment for workers and the public. In an effort to create a safe environment, organizations made rapid and radical changes to operations. They established requirements for social distancing, mark waring, temperature checks, COIVD testing, and other safety measures. Left unanswered are a host of workplace safety, ADAA, HIPPA related privacy, and duty of care issues for leaders. To add uncertainty to this mix, local government regulations and CDC recommendations diverge in an increasingly politicized policy and authority scramble.
Organization leaders need to talk to their attorney about how to establish policies and procedures. They must consider workplace safety and privacy regulations and make good faith efforts to create a safe environment all stakeholders. But those efforts can still come up short and lead to litigation: Will attorneys convince a judge or jury that a lack of diligence created a hazardous environment? Will someone claim discrimination because of their vaccination status? Will an employee allege unsafe working conditions because of an unruly confrontation over health protocols?
Directors and Officers (D&O) and Employment Practices Liability (EPL) insurance can fill the gap and protect organizations from the significant cost of litigation. Allegations by employees or third parties that allege a breach of duty of care by owners and managers are covered under D&O insurance. This coverage pays the costs associated with defense and judgements arising out of a wide range of non-property related claims including discrimination, harassment, and wrongful termination. With so much uncertainty in this space, we feel that it is prudent for any manager to seriously consider these coverages.
In Short
Given how quickly and how rapidly organizations shifted operations online, given how disruptive these changes have been, and given that this experience is novel for employees and the general public, there is little doubt that the post-COVID return or “normal” will be anything but. It’s impossible to know how these challenges will ultimately play out. But the downside risk to getting things wrong is significant. We feel that cybercrime and allegations stemming from a lack of duty of care the two largest exposures arising out of the COVID-19 pandemic. Cyber and D&O insurance are increasingly important for every organization. Despite the welcome experience of in-person art viewing at Frieze New York, in a post-COVID world, we are still very much grappling with the effects of the pandemic.
Find me on LinkedIn, here.
Connect with the Risk Strategies Fine Art team at fineart@risk-strategies.com
Email me directly at cwise@dewittstern.com
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.