Cyber Exposures: RisksWell-Suited for CaptiveInsurersJean Lamfers, Esq.Author of Cyber Insurance Policies, Consultant toNational & International Insurers and Partnerwith the Law Firm ofLamfers, Sheehan & Ozegovic, LLCWeSimplifyLaw.com and Lsolaw.com913-962-8200
Why Is Cyber Exposure a Concern for My Business? Because virtually all businesses access or store confidential information. Because employees and independent contractors DO make mistakes in how they handle private information. Because the employer is responsible for the acts of their employees. Because federal and state laws, in response to constituents’ demands, have evolved into essentially “strict liability” for privacy breaches.
Examples of Common, Recent Incidents Theft of Mobile Devices ◦ A county-owned laptop was stolen from a Las Vegas hotel room with 35,000 county residents’ personal information ◦ Info came from Dept of Motor Vehicles included social security numbers & drivers’ license numbers ◦ The good news: The device was password protected. ◦ The bad news: Regardless of password protection, the county had to notify potentially affected residents and take other remedial actions.
Examples of Common, Recent Incidents Security Companies Are Breached ◦ RSA, known for their patented, second-layer password protection system, was secretly sabotaged for an extended time period ◦ The system uses keychain fobs, which receive & display numerical sequences updated approx. every 60 seconds ◦ Users enter the displayed sequence from the fob within a given time as a secondary password protection to access their company’s computers remotely ◦ The system was in use by many high- security industries and the government
Examples of Common, Recent Incidents Paper Data Breaches Are Common ◦ A billing service for 4 hospitals in MA improperly “recycled” 3 years of patient records at a recycling transfer station ◦ A newspaper employee witnessed the “disposal” and retrieved samples ◦ The result: a public relations nightmare and overwhelming notification/audit process
Examples of Common, Recent Incidents Rogue Employees ◦ During an investigation of an employee’s own residential burglary, police found more than they expected ◦ A Thomson CompuMark Data employee was implicated after police collected info suggesting the employee had removed paper records with customer payment card info from his employer ◦ These types of incidents occur with hair- raising frequency in the restaurant, hotel, retail and nearly-every, consumer-related industry.
Costs and Outcomes Can BeExtraordinary Florida Attorney General settled with a check services company for $850,000 for its investigative costs and attorney’s fees plus $125,000 contribution to an educational crime prevention program. A former employee stole the personal data. (He’s serving nearly 5 years in federal prison.) State and federal regulators are using high profile incidents with sizeable awards or settlements as examples to spur prevention and curb knowing violations.
What Does Cyber Insurance Cover?Damages claims by third parties for network security breachesCosts incurred to notify persons impacted by a data breachRegulatory fines imposed by governmentsCosts to restore data lost or compromisedInvestigation costs for computer forensic analysis
What Does Cyber Insurance Cover?Crisis management costs--public relations and damage controlCoverage for losses to or caused by data that’s maintained by a third party on your company’s behalfCoverage for “gaps” in typical general liability policies for claims arising out of the creation and distribution of content on websites, blogs, or social media
Why Choose a Captive for Cyber Risks? Captives can deliver cyber insurance uniquely tailored for your business. You and your program developer decide what risks to insure. Risk management and risk audits can improve your bottom line. Top-Down implementation is more successful, which the captive structure inherently encourages.
The Law Firm of Lamfers,Sheehan & Ozegovic, LLC Relevant experience writing cyber insurance and errors and omissions insurance policies for well- known companies Extensive claims management experience in niche markets of technology, media, cyber and privacy Ability to deliver risk management and ongoing product support without the large firm overhead. Insurance industry contacts for successful placement of any requisite reinsurance.
Cyber Exposures: RisksWell-Suited for CaptiveInsurersJean Lamfers, Esq.Author of Cyber Insurance Policies, Consultant toNational & International Insurers and Partnerwith the Law Firm ofLamfers, Sheehan & Ozegovic, LLC6333 Long Avenue, Suite 102Shawnee, Kansas 66216WeSimplifyLaw.com and Lsolaw.firstname.lastname@example.org