Guest Column: C-Store Cyber-Risk Guide

Is cyber-liability something retailers need to be worried about?

Eric Bolduc, VP of Property and Casualty, Holmes Murphy

Eric Bolduc

Eric Bolduc

WEST DES MOINES, Iowa -- "Cyber risk" goes by many names in casual conversation--cyber liability, cyber theft, data security, PCI compliance, hackers, etc. Depending on your operation and the data you store, you could have significant exposure that needs to be evaluated. And after several high-profile retailers have been in the news due to cybercrime impacting their operations, more retailers are asking about the need for cyber-liability coverage.

Convenience store operators often struggle to understand cyber risk and how it should be addressed. Here is a quick guide to help navigate you through this coverage.

What? As a business, your company has a duty of care for how it uses and stores personally identifiable information (PII) and personal health information (PHI.) If your company mistakenly releases this information or it is stolen from your company, you are responsible for the outcome to the information owners. A few examples of this information include name, social security number, date of birth, place of birth and maiden name.

Why? You use the information to conduct business. As a result, misuse is your responsibility. Think of its treatment as you would a physical piece of customer property. If your car wash damages a vehicle, or the wrong fuel is dropped resulting in bad gas, the duty to correct damage is yours. The same concept applies to a customer's information.

What should you do? Like other areas of risk in your business, take inventory of what you have and develop a plan for how to manage. There are measures you can take to prevent information security breaches as well as insure against them.

Business leaders are advised to work closely with their information technology departments and IT officers to ensure security in all systems. Common precautionary measures to prevent data breaches include:

  • Antivirus software on all computers, laptops and servers.
  • Encryption for backup tapes and laptops, and password protection on all mobile devices.
  • Compliance with Payment Card Industry (PCI) security standards on all point-of-sale (POS) systems.
  • Secure wireless networks with WPA2 encryption.

Tools are available to help you evaluate the data security posture of your organization and increase awareness of best practices to help avoid cyber vulnerabilities. Free self-assessments can be taken by visiting the following sites: and

Eric Bolduc is vice president of property casualty for Holmes Murphy & Associates, West Des Moines, Iowa.

By Eric Bolduc, VP of Property and Casualty, Holmes Murphy
View More Articles By Eric Bolduc