Cyber Liability - ASBSD

Cyber Liability

RYAN DOYLE AREA ASSISTANT VICE PRESIDENT

© 2013 ARTHUR J. GALLAGHER & CO.Q:\2013\BSD\PPT\ESIC Property Casualty Summary.pptx

© 2012 ARTHUR J. GALLAGHER & CO.

Presentation Overview

•Cyber Liability Coverage

•Exposures Schools Face

•Risk Management



What is Cyber Liability Coverage?

• Protects your School against a data breach and the expenses associated with the breach» Coverages include:

» Privacy liability

» Breach notification

» Media liability

» System damage

» Business interruption

» Regulatory proceedings

» Cyber threats

» Cyber extortion

» Cyber deception*



Common Misconceptions

• “We have the latest technology and software available to protect our electronic information and systems” » “We have great security, but I’m sure Target thought they had great security before they were

hacked into.” One organization leader’s response to why they purchase cyber insurance.

• “If our network is breached, we are covered under our general liability or other insurance policies” » You cannot rely on your general liability policy to respond to a breach; it usually has a specific

exclusion for breach response expenses and other cyber-related losses, as do most other non-cyber policies.

• “ Cyber liability notification requirements only apply to commercial businesses” » Laws where the affected individual resides apply bringing other state laws into play (where

immunity may apply in home state); Also, federal laws and PCI-DSS requirements apply to libraries.

• “If we had a data breach, we could handle the notification requirements ourselves.” » Time consuming, extremely complicated and costly process – difficult to execute without mistakes if

legal and management teams not experienced .



Why You Should Consider Cyber Coverage

• Schools have sensitive information stored both in electronic and hard copy formats» Staff

» Students

» Volunteers

•Use of 3rd party credit card processors and electronic banking» PCI assessments are the responsibility of the school receiving

the payment

• Traditional insurance policies don’t provide adequate, if any coverage» Cyber policies can help schools manage a Cyber crisis


What Exposures Do Schools Face?

10%

11%

7%

13%

10%

45%

4%Percentage of Data Breaches by Industry Sector (2005-2017)

Business Financial and InsuranceServices

Business Other

Business Retail Merchant IncludingOnline

Educational Institutions

Government & Military

Healthcare, Medical Providers &Medical Insurance Services

Nonprofits



What Exposures Do Schools Face?

• Digital Assets – Cloud Storage» What is “the cloud”?

Simplified answer: The cloud is a generic reference to software or infrastructure used to remotely store or access data.

» Generally requires that a third party stores your data. Student Information Systems

Financial Information Systems

Employee Information Systems

» How does the cloud increase exposure? How is the data stored / protected?

What does the contract with the cloud provider say?

What are the termination provisions?

» How much would it cost to restore/recreate the data/programs stored on the cloud?



How Much Does a Breach Cost?

•Average breach cost per record for educational

risks = $800

•Number of records?

»Current and former Students & Parents

»Current and former Employees

»Current and former Vendors

• Do the math….. $800 X 50 records = $40,000



What Risks Do You See?





Risk Management

•Data Security Plan

»Take stock (know what personal info you

hold/inventory all equipment and info)

»Record retention policy (keep the minimum PII you

need for the minimum amount of time required)

»Pitch it (If you don’t need it, dispose of it properly)

»Lock it (protect what you have)

»Plan ahead (development of an Incident Response

Plan)



Coverage Descriptions



Claim Examples

• Personally Identifiable Information (PII) of 5,000 students was

displayed on the school’s website due to a technical problem.

Children’s names were included in the PII listed.

• Ransomware attacks caused a school significant time and expense to

identify and terminate the threat, and then repair and reconstruct the

data affected by the attack. The malicious code also was responsible

for sending out copyrighted material and viruses through the school’s

Wi-Fi network, potentially causing harm to other third parties and

opening the school up to further liability.

• A school district’s system was hacked resulting in the entire network

being taken down for multiple days to assess the threat and ensure

proper security before continuing operations.

• https://www.privacyrights.org/ click “DATA BREACHES”

https://www.privacyrights.org/



How Insurance Helps

•Peace of mind

•Expert Resources ….experience matters

•Negotiated partnerships with privacy counsel,

incident response vendors = more value for

your insurance dollars

•Helps insure compliance, protects reputation,

ensures operational efficiencies, preserves jobs



What to Do in the Event of a Claim

•Contact your insurance company hotline

»Most insurance companies provide a 24 hour

emergency call to provide assistance

•Contact your IT, Principals, Superintendent, etc.

» It is important to have the necessary individuals

identified prior to an incident

•DO NOT IGNORE


Any Questions?

Thank you!

Cyber Liability - ASBSD

Documents