TOP 10 TIPS FOR CRAFTING THE BEST CYBER INSURANCE POLICY

The first insurance product related to cybercrime was developed in 1997 and protected against the hacking of websites. Since then, things have gotten more complex. Today there are many more ways to cause harm through the Internet and the consequences are more wide-ranging, including expensive violations of state and federal privacy law, theft of trade secrets, and the total shutdown of a business as evidenced by the recent hacking into Sony Pictures’ network systems. Not only are large corporations like Sony Pictures, Home Depot, and Target vulnerable; small firms that conduct business through the Internet and store sensitive client information on networks are vulnerable, too, such as law firms that collect personal information about clients for billing purposes.

The following 10 tips will help you start an important conversation between your firm and Narver Insurance to craft a comprehensive cyber-liability insurance policy to protect the assets your company has worked hard for.

Ask for retroactive coverage. Your firm needs to have coverage for a breach that occurred before you were aware it happened. Retroactive coverage insures prior unknown events that result in claims or expenses during the policy period. Think Target or Home Depot, neither of which knew that they were breached until many months after the event occurred. Retroactive coverage can be negotiated for one, two, five or 10-year periods and some insurers offer unlimited coverage. Be aware that some insurers do not offer this coverage.
Review the limits and sublimit clauses in the policy to ensure that they are adequate for your firm’s needs. Pay attention especially to the limits for crisis management and regulatory action expenses such as fines for state and federal privacy act violations.
Third Party coverage is essential. Does it include an Errors & […]

December 15th, 2014|News|

Who Ya Gonna Call?

It can be as simple as a misplaced mobile phone, a UBS drive that falls out of a pocket, a stolen laptop, or a system breach caused by a criminal. The common factor is data that is no longer in your firm’s control. You can have all the “best practices” in place to avert a cyber crime only to have it happen anyway.

Who ya gonna call: Ghostbusters?

New laws answer that question. State, federal and international laws govern your actions when your company faces a data breach. With the passage of California Assembly bill 1710 on Sept. 30, the list of “Who ya gonna call” includes a fraud alert service. The legislation requires that under certain circumstances an organization or person who experiences a data breach provide identity theft protection services to individuals whose personal information has been compromised. The statute requires a company that loses information to “offer affected individuals identity theft prevention and mitigation services … at no cost to the affected person for at least one year.” This requirement triggers ONLY when an individual’s name is tied to a social security number, a driver’s license number or a California ID number that has not been encrypted and has been acquired by an unauthorized person as the result of a data breach.

The new legislation also expanded the classification of California companies that fall under the statute: those who “maintain” personal information are legally required to implement reasonable security practices “appropriate to the nature of the information to protect data from unauthorized access, distribution, use, modification or disclosure.”

“Maintain” is defined as retention of personal information as part of the business’ “internal client or customer account for the purpose of using that information in business […]

October 31st, 2014|Uncategorized|

If you think Halloween is scary…

Technology infuses every successful business and nearly every function, making us more productive and efficient. But technology also creates a certain unease: We never know what will go wrong, or when.

We can be certain, however, that things will go wrong.

Now is a good time to review the potential issues — and find ways to prevent or protect against them – as October is Cyber Security Awareness Month, sponsored by the Department of Homeland Security: www.homelandsecurity.gov.

No one is immune from cyber attack, including the smallest businesses. In fact, they are sometimes more vulnerable because they don’t have staff assigned to information technology. Significantly, businesses with fewer than 250 employees were the target of 31 percent of all cyber attacks.[i]

Data breaches are not a mere annoyance. Nearly 45 percent of cyber attacks involve the loss of clients’ or customers’ names, passwords, and email addresses.[ii] When that happens, they look to you to make them whole. Even if their information was not hacked, they will expect you to protect them by supplying services to alert them if their bank accounts and other information is compromised.

Most cyber security problems are the result of malicious intent, with 76.8 percent of incidents caused by activities by people outside the targeted organization, according to “Risk Based Security, An Executive’s Guide to Data Breach Trends in 2012.

And protecting against that loss, along with the rest of a cyber attack aftermath, is becoming more expensive. One study showed that response costs following a breach — involving legal, regulatory, client identity protection services, among others — reached an average of $1.6 million per incident.[iii]

Breaches are more expensive per capita for smaller organizations, which pay $1,607 per employee, vs. the $437 of larger firms.[iv]

Unfortunately, the […]

October 31st, 2014|Uncategorized|