Cyber Liability
Polaris
First Party Coverage
Third Party Coverage
-
Electronic Media – Protection where a GL policy’s advertising injury doesn't cover.
-
First-Party Business Interruption – Coverage if a virus interrupts your business operations and provides lost business income.
-
Cyberextortion – Covers hacker ransom demands and expenses.
-
First-Party Data Asset – Covers expense to recover lost data (depending on the risk).
-
Network Security – Covers your liability if hackers use your system.
-
Privacy – Covers your liability if private information is released.
-
Notification Expenses – I many states you are required to notify all potential victims within 9 days.
-
Credit Monitoring – Up to 1 year of credit monitoring services for those exposed.
-
Credit Repair Services – 1 year of services to repair credit damage resulting from actual identity theft.
-
Crisis Management – Public relations sublimit to protect the image of the insured.
-
Regulatory Defense and Expenses – Provides defense cost coverage and in some cases covers penalties where insurable.
-
Significant Cyber Liability Exposure Includes
-
Storing social security numbers, drivers license numbers, bank account numbers of clients or employees
-
Access to client health information
-
In the process of going paperless or storing paper files
-
Providing online access for members
-
Selling, donating or recycling computers
-
Investment Advisors
-
Posting pictures or information about members online
-
Relying on a computer network on a daily basis
-
Allowing laptops to be removed from the premises
-
Maintaining a social networking page
-
Maintaining a blog
Claim Scenarios
SPECIAL POINT OF INTEREST
The average cost of a data breach is $204 per lost record, with more than half of such costs attributable to lost customers and the associated public relations expenses to rebuild an organization’s reputation. The below examples illustrate situations in which the costs incurred to remediate a data breach were significant.
Theft of Digital Assets
A regional retailer contracted with a third party service provider. A burglar stole two laptops of the service provider containing the data of over 800,000 clients of the retailer. Under applicable notification laws, the retailer – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.
Human Error
A non-profit community action corporation printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms and send each to its rightful owner. Instead, one person received both copies. The mistake sent tax forms and social security numbers to strangers. Approximately 50% of the landlords who work with the community action corporation received their forms in addition to the private information of the others.
Unauthorized Access
An international computer hacking group gained access electronically to the computerized cash registers of a restaurant chain and stole credit card information of 5,000 customers, starting a flood the fraudulent purchases around the world.
Privacy Breach
An employee of a rehabilitation center improperly disposed of 4,000 client records in violation of the center’s privacy policy. The records contained social security numbers, credit and debit card account numbers, names, addresses, telephone numbers as well as sensitive medical information. The center settled the claim with the state of Massachusetts and agreed to pay fines and penalties imposed by the state as well as extend $890,000 in customer redress funds for credit monitoring on behalf of the victims.
An employee of a private high school mistakenly distributed via e-mail the names, social security numbers, birthdates and medical information of students and faculty creating a privacy breach. Overall, 1,250 individuals’ information was compromised.
Human Error
Theft of Digital Assets
A home healthcare organization had backup tapes, laptops and disks containing social security numbers, clinical and demographic information, and in a small number of cases, patient financial data that was stolen. In total, over 365,000 patient records were exposed. The organization settled with the state attorney general, providing patients with free credit monitoring, credit restoration to patients that were victims of identity fraud, and reimbursement to patients for direct losses that resulted from the data breach. The organization was also required to revamp its security policies, implement technical safeguards and conduct random compliance audits.
Need a quick estimate? Simply fill out the brief information in our secure online form
For more information or to receive a quote, please contact us at (888) 363-4747 or via email at cyber@polaris-ins.com