Mercer Consumer Cyber Liability

Mercer Consumer Cyber Liability  


Cyber Liability is the risk posed by conducting business over the internet, over other networks, or using electronic storage technology. Cyber Liability insurance is designed to mitigate losses from a variety of cyber incidents:

  • Data breaches
  • Network damage, including third-party lawsuits due to loss of privacy
  • Ransom demands
  • Crime coverage

Through a partnership with McGowan Program Administrators, Mercer Consumer has developed an integrated insurance and risk management program for Cyber Liability. The program offers access to human resources- and data management-related services which provides superior products and services through a simplified process.

Primary cyber exposures include Personally Identifiable Information (PII), retained data, credit card theft, and business identity information claims. Attacks on your computers that aren’t protected can result in the theft of PII and other information.

Coverage Highlights

Coverage is provided for:

  • Data Breaches, including paper and digital files
  • Business Interruption Coverage
  • Network Damage — including third-party lawsuits due to loss of privacy
  • Electronic Financial Transactions (not available to Financial Services or CPAs)
  • Crime coverage (not available to Financial Services or CPAs)
  • Social Engineering (by sublimit)
  • Reputation Repair Assistance
  • Forensic Audits To Locate and Reduce Further Data Breaches

How to Apply

1. Click on one of the blue “Get A Quote” buttons that best describes your occupation.

2. Select from the drop down menu to access the online application.

3. Limits up to $1,000,000 are available online.

  • If you want limits above $1,000,000, you’ll still complete the online application for the maximum coverage available. Then contact one of Mercer’s Client Representatives at 1-866-486-1946 for assistance to complete your application for higher limits.

Once your application has been approved, you will receive an email with a link to pay the premium. Next, the policy will be issued and emailed to you.



Answers about the plan, including eligibility, options, enrollment, customer service and more.

Claim Scenarios

The average cost of a data breach is $204 per lost record, with more than half of such costs attributable to lost customers and the associated public relations expenses to rebuild an organization’s reputation.1 The below examples illustrate situations in which the costs incurred to remediate a data breach were significant.
  • Unauthorized Access

    An international computer hacking group gained access electronically to the computerized cash registers of a restaurant chain and stole credit card information of 5,000 customers, starting a flood of fraudulent purchases around the world.

  • Theft of Digital Assets

    A regional retailer contracted with a third party service provider. A burglar stole two laptops of the service provider containing the data of over 800,000 clients of the retailer. Under applicable notification laws, the retailer - not the service provider - was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.

  • Privacy Breach

    An employee of a rehabilitation center improperly disposed of 4,000 client records in violation of the center’s privacy policy. The records contained social security numbers, credit and debit card account numbers, names, addresses, telephone numbers as well as sensitive medical information. The center settled the claim with the state of Massachusetts and agreed to pay fines and penalties imposed by the state as well as extend $890,000 in customer redress funds for credit monitoring on behalf of the victims.

  • Theft of Digital Assets

    A home healthcare organization had backup tapes, laptops and disks containing social security numbers, clinical and demographic information, and in a small number of cases, patient financial data that was stolen. In total, over 365,000 patient records were exposed. The organization settled with the state attorney general, providing patients with free credit monitoring, credit restoration to patients that were victims of identity fraud, and reimbursement to patients for direct losses that resulted from the data breach. The organization was also required to revamp its security policies, implement technical safeguards and conduct random compliance audits.

  • Human Error

    A non-profit community action corporation printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms and send each to its rightful owner. Instead, one person received both copies. The mistake sent tax forms and social security numbers to strangers. Approximately 50% of the landlords who work with the community action corporation received their forms in addition to the private information of the others.

  • Cyber Extortion Threat

    A U.S. based information technology company contracted with an overseas software vendor. The contracted vendor left universal “administrator” defaults installed on the company’s server and a “Hacker for Hire” was paid $20,000 to exploit such vulnerability. The hacker advised if the requested payment was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2,000,000.

  • Human Error

    An employee of a private high school mistakenly distributed via e-mail the names, social security numbers, birthdates and medical information of students and faculty creating a privacy breach. Overall, 1,250 individuals’ information was compromised.

  • Malicious Code

    A juvenile released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18 hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system as well as business interruption expenses which totaled approximately $875,000.

1Ponemon Institute, 4/2009 Global Cost of a Data Breach Study.

Contact Us

We're here to help! Please contact us in whatever manner is most convenient for you.


Mercer Consumer
12421 Meredith Dr
Urbandale, IA 50398
 M-F 8a-5p CT

Be Prepared and Protected from a Costly Data Breach. Get the coverage you need to respond quickly and effectively.

Approximately every 3 ½ seconds a new threat is unleashed by cyber criminals into the online world of the internet. These criminals can range from middle schoolers who vandalize websites to international terrorists who target a country’s defense infrastructure.

Businesses face increasingly complex information and computer security risks. If you house or store client confidential information of anything defined as Personally Identifiable Information (PII), cyber criminals have an interest in your stored data files to target, breach and obtain such information.

The Cyber Privacy Liability policy available through Mercer Consumer, a service of Mercer Health & Benefits Administration LLC, has been tailored specifically for our policyholders and is not available outside our network.