Harb has covered clients with cyber insurance for more than 20 years, at
first insuring online Auctioneers, then Auctioneers with any type of
digital footprint.
“The question comes up,” Harb said of Auctioneers he covers, “‘why do I need another policy?’”
The answer is that the policy most Auctioneers already hold, a general liability policy, doesn’t cover everything.
Harb and Magnus both advise Auctioneers to read their contract from
back to front, because the exclusions, the section that spells out what
a general liability policy does not cover, sit toward the end. Most will
exclude all electronic media, including the databases where sensitive
client information is stored.
But, why does this matter? It’s simple – getting hacked can sink your
business. Almost every Auctioneer has digitally recorded who is bidding
at the auction, their address, phone number and other identifying
information, including credit card numbers.
And, while you might be working through PayPal or other third parties to handle payment, you’re still liable for that data.
“Every state has now passed a law that says if you do business in our
state and you lose personally identifiable information of a resident of
our state, you need to notify all of your customers,” Harb said.
Magnus added that the cost associated with notification is between $50
and $225 for each person notified. So, if your database holds hundreds of
people’s records, notification alone can run into the tens of thousands
of dollars before any other loss is counted.
Magnus said that when Auctioneers apply for coverage, the insurer will
look at whether or not they have firewalls in place and assess what the
Auctioneer does to prevent data breaches and keep hackers out of their
system.
“It gets you thinking about your processes and what you can be doing
better,” he said, adding that some will outsource their IT to add an
extra layer of security. “We’re here to educate you and protect your
business.”
Harb and Magnus said their cyber policies (Harb prefers the term
“database policies”) will cover network security, privacy and liability
for any issues with Payment Card Industry (PCI) compliance.
“If you are taking credit cards and you lose the credit card database,”
Harb said, “now you can have the Payment Card Industry come after you.
If you lose data and you are not PCI compliant, they can fine you, and
the policy will respond to that – it responds to fines and penalties.”
No two cyber policies are alike.
Harb and Magnus advise Auctioneers to talk to their insurance agents so
that when the worst happens, whether a ransomware attack, a password
attack, a denial of service attack or something else, they’re covered.
This article was an excerpt from a presentation given at the 2018
NAA International Auctioneers Conference and Show. Want even more tips regarding this topic? NAA members can access the full audio of this presentation and many others in the
NAA Education Portal.