Cyber Security Liability:

Similar documents
Cyber Risk Insurance. Frequently Asked Questions

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP


Insuring your online world, even when you re offline. Masterpiece Cyber Protection

Cyber Enhancement Endorsement

Cyber Liability: New Exposures

Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity

NZI LIABILITY CYBER. Are you protected?

The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage

JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group

A FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015

Cyber Liability A New Must Have Coverage for Your Soccer Organization

Cyber-Insurance: Fraud, Waste or Abuse?

IDENTITY THEFT COVERAGE ON INSURANCE POLICIES SPONSORED BY

Data Breach Program Pricing Companies with revenues less than $1,000,000

NON-PROFIT INSURANCE 101. Presented by Jamie Saunders and Jeff McCann

At the Heart of Cyber Risk Mitigation

PRIVACY AND CYBER SECURITY

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

Cyber Risk Management

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do

Cyber Risks & Insurance

Electronic Commerce and Cyber Risk

Cyber Insurance for Lawyers

ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them

Cyber & Privacy Liability and Technology E&0

A GUIDE TO CYBER RISKS COVER

Cyber Liability State of the Insurance Market & Risk Update Sept 8, ISACA North Texas

Your defence toolkit. How to combat the cyber threat

DEBUNKING MYTHS FOR CYBER INSURANCE

Protecting Against the High Cost of Cyberfraud

Cyber Risk Mitigation

Data Security Addendum for inclusion in the Contract between George Mason University (the University ) and the Selected Firm/Vendor

Terms and Conditions Cyber Enterprise Risk Management Insurance

Insurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage

Chubb Cyber Enterprise Risk Management

The Internet of Everything: Building Cyber Resilience in a Connected World

STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH

THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.

When The Wind Blows: Renewable Energy Risk Management Strategies

Cyber breaches: are you prepared?

Cybersecurity Privacy and Network Security and Risk Mitigation

ACORD 834 (2014/12) - Cyber and Privacy Coverage Section

Cyber Liability Insurance for Sports Organizations

LIABILITY INTERRUPTION OF ACTIVITIES CYBER CRIMINALITY OWN DAMAGE AND COSTS OPTION: LEGAL ASSISTANCE

The working roundtable was conducted through two interdisciplinary panel sessions:

ProtoType 2.0 Manufacturing E&O with CyberInfusion

An Overview of Cyber Insurance at AIG

DATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY

DATA COMPROMISE COVERAGE FORM

Managing E-Commerce Risks

Cyber Liability Insurance. Data Security, Privacy and Multimedia Protection

Privacy and Data Breach Protection Modular application form

Cyber Security & Insurance Solution Karachi, Pakistan

HOW TO INSURE CYBER RISKS? Oulu Industry Summit

Cyber, Data Risk and Media Insurance Application form

Cybersecurity Insurance: The Catalyst We've Been Waiting For

Cyber Insurance I don t think it means what you think it means

Cyber Risk & Insurance

CYBER LIABILITY AND DATA BREACH RESPONSE ENDORSEMENT

Cyber Exposures: The Importance of Risk Identification and Transfer. Presented By: Joe Weipert

Sizing the Standalone Commercial Cyber Insurance Market

Whitepaper: Cyber Liability Insurance Overview

Add our expertise to yours Protection from the consequences of cyber risks

H 7789 S T A T E O F R H O D E I S L A N D

Enhanced Cyber Risk Management Standards. Advance Notice of Proposed Rulemaking

Untangling the Web of Cyber Risk: An Insurance Perspective

Media Liability Risks for Financial Advisors

Improving Cyber-Security Through Insurance The Past, Present, and the Future

Cyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby

Paul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP

Professional Indemnity and Cyber Insurance for Technology Companies Summary of cover

PAI Secure Program Guide

CYBER AND INFORMATION SECURITY COVERAGE APPLICATION

Providing greater coverage for the greater good.

Cyber Risks & Cyber Insurance

2018 Cyber & Tech Liability Risk Transfer Update Part 2

Crawford Cyber Risk Services. A definitive solution for cyber-related events

Directors & Officers Insurance 101

South Carolina General Assembly 122nd Session,

T A B L E of C O N T E N T S

Great American E & S Insurance Company

Cybersecurity Curveballs in Vendor Risk Management Programs

2018 Small Business Risk Report

ARK Fintech Innovation ETF

Solving Cyber Risk. Security Metrics and Insurance. Jason Christopher March 2017

australia Canada ireland israel united kingdom United states Rest of world cfcunderwriting.com

LEWISVILLE INDEPENDENT SCHOOL DISTRICT RFP # PROPERTY AND CASUALTY INSURANCE PROGRAM TABULATION

CYBER/PRIVACY INSURANCE MARKET SURVEY 2016

ForeFront Portfolio SM For Not-for-Profit Organizations Directors & Officers. Insuring Clauses

Title: Design a Limited Edition Movie Poster for Kingsman: The Secret Service Work: Submit a poster design Sponsor: 20th Century Fox

LIBERTY INSURANCE UNDERWRITERS, INC. (The Liberty Mutual Group)

Post-Class Quiz: Information Security and Risk Management Domain

Cybersecurity Insurance: New Risks and New Challenges

ConSept: Policy Highlights: Other Coverage Features

Allocating Risk for Privacy and Data Security in Commercial Contracts and Related Insurance Implications

2017 Cyber Security and Data Privacy Study

Errors and Omissions, Media and Privacy (EMP) Claims Examples

About Chubb. Chubb Limited, the parent company of Chubb, is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index.

FM Global. First-Party Property Cyber Coverage

Transcription:

www.mcgrathinsurance.com Cyber Security Liability: How to protect your business from a cyber security threat or breach. 01001101011000110100011101110010011000010111010001101000001000000100100101101110011100110111 01010111001001100001011011100110001101100101001000000100011101110010011011110111010101110000 00100000010010010110111001100011001011100100110101100011010001110111001001100001011101000110 10000010000001001001011011100111001101110101011100100110000101101110011000110110010100100000 01000111011100100110111101110101011100000010000001001001011011100110001100101110010011010110 00110100011101110010011000010111010001101000001000000100100101101110011100110111010101110010 01100001011011100110001101100101001000000100011101110010011011110111010101110000001000000100 10010110111001100011001011100100110101100011010001110111001001100001011101000110100000100000 01001001011011100111001101110101011100100110000101101110011000110110010100100000010001110111 00100110111101110101011100000010000001001001011011100110001100101110010011010110001101000111 01110010011000010111010001101000001000000100100101101110011100110111010101110010011000010110 11100110001101100101001000000100011101110010011011110111010101110000001000000100100101101110 01100011001011100100110101100011010001110111001001100001011101000110100000100000010010010110 11100111001101110101011100100110000101101110011000110110010100100000010001110111001001101111 01110101011100000010000001001001011011100110001100101110010011010110001101000111011100100110 00010111010001101000001000000100100101101110011100110111010101110010011000010110111001100011 01100101001000000100011101110010011011110111010101110000001000000100100101101110011000110010 11100100110101100011010001110111001001100001011101000110100000100000010010010110111001110011 01110101011100100110000101101110011000110110010100100000010001110111001001101111011101010111 00000010000001001001011011100110001100101110010011010110001101000111011100100110000101110100

Table of Contents: Introduction to Cyber Liability Insurance... 3 The Six Key Areas of Cyber Liability... 4 Third Party Liability Agreements... 4 First Party Agreements... 5 Coverage Triggers... 6 Types of Data Covered... 6 Remediation Costs Covered... 6 Remediation Coverage Services... 6 Seven Steps to Establish or Improve your Cyber Security Program... 7 The Future of Cyber Liability...8 2

Introduction to Cyber Liability Insurance: There is a common saying in the cyber security industry. There are two types of business in this world: those that experience a breach and realize it, and those that experience a breach and do not. Businesses of all sizes are vulnerable to a cyber security breach, and although larger corporations receive more widespread recognition when a breach occurs, the aftermath of one for a small business can have extremely damaging effects. You might be asking yourself how your business is at risk for a cyber security breach if no business is conducted online. Every business has the potential for exposure when storing an individual s personally identifiable information (PII), either electronically or with paper files. Traditional liability products do not address the exposure and risk concerns of cyber security. As businesses across the globe begin to increasingly rely on technology to accomplish daily business operations, their risk for a cyber breach increases. A cyber security liability policy protects businesses from a breach regarding the private information of clients such as credit card numbers, Social Security numbers, medical information, etc. Cyber crime, espionage and other malicious cyber activity cost the United States anywhere from $24 billion to $120 billion annually. Report conducted by McAfee and the Center for Strategic and International Studies1. 3

The Six Key Areas of Cyber Liability: Coverage for a cyber liability policy can be separated into two sections: Third Party Liability Agreements and First Party Agreements. Currently, the market for cyber security primarily focuses on the response efforts of a data breach, coverage that is primarily found on all cyber policies. In summary, a cyber liability policy protects an organization in relation to three areas: liability, remediation efforts, and fines and/or penalties. There are six key areas to consider when looking to purchase a cyber security policy2: Third Party Liability Agreements First Party Agreements Coverage Triggers Types of Data Covered Remediation Costs Covered Remediation Coverage Services 1. Third Party Liability Agreements: Network and Information Security Liability Services provided by or through the facilities of any electronic or computer communication system, interbank payment or settlement systems, automated teller machines (ATM), and point of sale terminals. Includes coverage of any shared networks, Internet access facilities, etc. where the insured allows the input, output, examination or transfer of data or programs to a computer system. Communication and Media Liability Unauthorized use or infringement of, copyright, title, slogan, trademark, trade dress, domain name, logo or service name in company materials. Plagiarism or unauthorized use of a literacy or artistic format or character in company materials. Invasion or interface with an individual s right to publicity, including commercial appropriation of name, persona, voice or likeness in company materials. Defamation, libel, slander, trade libel, or other tort related to disparagement or harm to the reputation or character of any person or organization in company materials. Regulatory Defense Expenses Costs associated with defense, such as the investigation, defense settlement and appeal of a claim. Includes the cost of expert consultants and witnesses, premiums for appeal, injunction, etc. Costs of regulatory claims brought by, or on behalf of, any state attorney s general, the Federal Trade Commission, the Federal Communications Commission, or any federal, state, local, or foreign government entity in such entity s regulatory or official capacity. 4

2. First Party Agreements: Crisis Management Event Expenses: Reasonable fees, costs, and expenses incurred for public relations services to mitigate any actual or potential negative publicity. Security Breach Remediation and Notification Expenses: Reasonable fees, costs and expenses which can be directly attributed to a security breach, such as determining whose identity information was compromised, developing documents or materials to notify affected persons, costs of mailings or other communication notifications required, and costs of credit monitoring services and call centers. Includes fees, costs or expenses of purchasing an identity fraud insurance policy in order to provide reimbursement of identity fraud related expenses. Computer Program and Electronic Data Restoration Expenses: Restoration expenses directly caused by a computer virus or damage to, or destruction of, computer programs, software, or other electronic data stored within a computer system by an employee who has gained unauthorized access or authorized access used to cause damage or destruction to a computer system. Computer Fraud: Costs resulting from a computer fraud loss directly caused by an intentional, unauthorized and fraudulent entry or change of data and/or computer instructions by a person other than an employee, independent contractor or an individual working under the supervision of the insured organization Funds Transfer Fraud: An intentional, unauthorized, and fraudulent instruction transmitted by electronic means to a financial institution to debit an account and to transfer, pay or deliver money or securities from an account without the knowledge or consent of the insured organization. E-Commerce Extortion: Threats made to the insured by an individual other than an employee with intention to 1) transfer, pay or deliver any funds or property without consent; 2) sell or disclose information about a customer which is unique to the relationship of the customer and not publicly available; 3) alter, damage, or destroy any computer program, software, or data; 4) maliciously or fraudulently introduce a computer virus; 5) initiate an intentional attack on a computer system that depletes system resources or access to the Internet. Business Interruption and Additional Expenses: The sum of business income loss and extra expenses directly resulting from a computer system disruption. Usually based on the actual business interruption loss the insured sustains per hour. 5

3. Coverage Triggers: Coverage on a cyber liability policy can be triggered by a wrongful act, be it actual or alleged, and includes some of the following: Failure to secure data Loss caused by an employee Acts by persons other than insureds Loss resulting from the theft or disappearance of private property 4. Types of Data Covered: Depending on the carrier, specific types of data covered by the policy may be listed. Covered data can include: An individual s personally identifiable information (PII) Non-public data (i.e. corporate information) Non-electronic data (i.e. paper records, printouts) 5. Remediation Costs Covered: Remediation costs are associated with the costs of responding to a data breach. Businesses may be required to notify customers of the breach and provide additional protective services. Remediation cost coverage can include: Crisis management services Notification of potentially affected customers Credit monitoring Costs to ensure the data is secure once again 6. Remediation Coverage Services: Your business could better benefit from a cyber security policy if the remediation services are prenegotiated and prepackaged. This ensures what steps will be taken in response to the breach. Prepackaged or prenegotiated services sometimes require the use of a designated vendor, written consent of the carrier to use the services, and time limits. 6

Seven Steps to Establish or Improve your Cyber Security Program: The National Institute of Standards and Technology (NIST) released the Framework for Improving Critical Infrastructure Cybersecurity, a publication detailing the voluntary industry standards and best practices to prevent cyber attacks. These guidelines should be utilized to complement an organization s existing risk management and cyber security programs. The seven steps outlined in the Framework can be used to create a cyber security program or to improve upon an existing one3: 1. Prioritize and Scope Identify business/mission objectives and high-level organizational priorities. Make strategic decisions regarding cyber security implementations and determine the scope of systems and assets that support the selected business line or process. 2. Orient and Identify Identify related systems and assets, regulatory requirements and overall risk approach. Then identify threats to, and vulnerabilities of, those systems and assets. 3. Create a Current Profile Develop a current profile by indicating which outcomes from the Framework core are currently being achieved. 4. Conduct a Risk Assessment This assessment can be guided by the organization s overall risk management process or previous risk assessment activities. The organization analyzes the operational environment in order to discern the likelihood of a cyber security event and the impact that the event could have on the organization. It is important that organizations seek to incorporate emerging risks, threats, and vulnerable data to facilitate a robust understanding of the likelihood and impact of cyber security events. 5. Create a Target Profile Create a target profile that corresponds to desired cyber security outcomes. Consider influences and requirements of external stakeholders such as sector entities, customers, and business partners when creating a target profile. 6. Determine, Analyze, and Prioritize Gaps Compare the current and target profiles. Create a prioritized action plan to address those gaps that draw upon mission drivers, a cost/benefit analysis and understanding of risk to achieve the outcomes in the target profile. 7. Implement an Action Plan Determine which actions to take with regard to the gaps, if any, identified in the previous step. Monitor current cyber security practices against the target profile. 7

The Future of Cyber Insurance: In this day and age there is a heavy reliance on technology, both for business and personal use. Technology is rapidly evolving, exposing businesses of all sizes to the risk of cyber threats. This begs the question, as to whether there is more to be concerned about when it comes to cyber risk? With the significant advances in technology, also comes new and unforeseen dangers. Experts in the field believe that cyber threats are just as serious, and possibly more dangerous, than other catastrophic events. Data theft is not the only cyber risk businesses should be preparing for anymore. New cyber concerns are arising and the question is not if they will happen, but when: medical technology advancements, driverless cars, unmanned aircraft systems (UAS), energy and power grids4. Each technological advancement poses a new threat, and as a result, hackers remain determined to find the flaws in a system s security. Cyber risk is a reality, and just like any risk, businesses must find a way of managing this new exposure. By developing policies and procedures to identify and address the vulnerabilities in your system, you are preparing for what all businesses inevitably will face: a cyber security breach. Endnotes: 1 Siegel, Katie. Risk & Insurance, Brokers Balking at Cyber Insurance, February 2014. 2 Betterley, Richard S. The Betterley Report, Cyber/Privacy Insurance Market Survey 2013, June 2013. 3 National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity. (www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf) 4 Kerr, Michael & Berg, Joel. Risk & Insurance, Cyber: The New CAT, April 2014. 8

www.mcgrathinsurance.com Sturbridge Location: 258 Main Street Sturbridge, MA 01566 (T) 508.347.6850 (F) 508.347.6858 Spencer Location: 130 West Main Street Spencer, MA 01562 (T) 508.885.6545 (F) 508.885.4670 About Us: McGrath Insurance Group, Inc. of Sturbridge, Mass., is a full-service insurance agency that provides business insurance, personal insurance, employee benefits and specialty insurance products to clients throughout New England. An independent agency, McGrath Insurance is not tied to any one insurance carrier and has long-term relationships with the top national carriers of property & casualty insurance, life insurance and other insurance products. This creates an opportunity to provide clients with the best coverage available at a competitive price.

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback