Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cyber for Beginners v2


Published on

  • Be the first to comment

  • Be the first to like this

Cyber for Beginners v2

  1. 1. Cyber Risk & Cyber Coverage Cyber Risk Insurance is Rapidly Emerging as a Must for Businesses Large & Small in Every Industry, Including Community Associations!
  2. 2. Cyber Insurance Overview • What is Cyber Insurance? • Why do Community Associations need Cyber Coverage? • Are there Different Types of Cyber Policies?
  3. 3. 1. Do you know what to do in the event of a breach? 2. How much does a breach cost?
  4. 4. What is a Breach? • Failure to prevent unauthorized access to, or use of, electronic or non- electronic data containing personal identifiable information (PII) • Failure to prevent the transmission of a computer virus into a computer network that is not rented, owned, leased by, licensed to, or under the direct operational control of, the association or property manager • Failure to provide any authorized user of the association or property manager’s website or computer system with access to such website or system • Failure to provide notification of any actual or potential unauthorized access to, or use of, data containing private or confidential information of others if such notification is required by any applicable security breach law
  5. 5. • “Nonpublic Personal Information” • Medical or Health Care Information • Private Personal Information by state • Unique Identity Numbers – driver’s license, state ID number, SSN, unpublished phone numbers, card numbers, passwords, PINs, access codes What is PII?
  6. 6. Calculating Costs of Breaches 1. Forensic Examination 2. Notification of Affected Third-parties 3. Call Centers 4. Credit/Identity Monitoring 5. Public Relations 6. Legal Defense 7. Fines and Penalties from Regulatory Proceedings and PCI DSS violations 8. Comprehensive Written Information Security Program
  7. 7. Cyber Breaches – Fact or Fiction? 1. A Cyber Breach only occurs with data stored on a computer or through other electronic means. The above is Fiction: In reality, paper files may also be considered Personal Identifiable Information (PII) and if they are not stored or destroyed properly, may lead to a breach.
  8. 8. Insuring Agreements Network and Information Security Liability (3rd Party Insuring Agreement: A) Coverage for claims arising from: Failure to prevent unauthorized access to data, failure to provide notification of a data breach where required by law, transmission of a computer virus, and failure to provide authorized users with access to the company website Claim Example: The property manager hired by a HOA experiences a data breach involving payment card data of residents. Homeowners file a lawsuit against the HOA and Property Manager for their failure to prevent unauthorized access to this data. 8
  9. 9. Insuring Agreements 9 Regulatory Defense Expenses (3rd Party Insuring Agreement: C) Coverage for governmental claims made as a result of network and information security liability or communications and media liability Claim Example: The attorney general brings regulatory action against the HOA and Property manager for failure to protect the identity information of residents, including an assessment of fines / penalties.
  10. 10. Insuring Agreements 10 Security Breach Remediation and Notification Expenses (1st Party Insuring Agreement: E) Coverage for costs associated with notification of individuals breached, credit monitoring for 365 days or longer where required by law, fraud expense reimbursement, and a call center. - Reimbursement coverage for services provided by an Approved Service Provider Claim Example: As a result of the data breach, the HOA is responsible for notifying individuals whose PII was compromised. Notification costs include: - Legal Services to comply with specific notification / privacy laws - Forensic Investigation - Credit Monitoring and ID Fraud policies for affected individuals 10
  11. 11. Insuring Agreements 11 Crisis Management Event Expenses (1st Party Insuring Agreement: D) Coverage for public relations services to mitigate negative publicity Claim Example: A public relations firm is hired to restore community confidence in the HOA and property manager and to mitigate negative publicity generated from the incident 11
  12. 12. Cyber Breaches – Fact or Fiction? 2. My association is not liable for a breach since the property management company handles all of our resident data and information. The above is Fiction: Associations are still ultimately responsible for the data of its residents, even if the data is handled exclusively by the property manager. It is important to review the management contract for mention of who is held liable in the event of a breach.
  13. 13. Other Coverages Available in a Standard Cyber Policy  Communications and Media Limit of Liability  Business Interruption and Additional Expenses  E-Commerce Extortion  Computer Program and Electronic Data Restoration Expenses  Computer Fraud  Funds Transfer Fraud 13
  14. 14. Cyber Breaches – Fact or Fiction? 3. My association collects no personal information other than addresses, and we are either self-managed or our property manager doesn’t collect this information either. We have no exposure to a breach. The above is Fiction: If your community has a website or the property manager provides an online portal for paying dues, there is still the potential for a breach. Emails and newsletters infected with viruses are also potential exposures.
  15. 15. Q & A 15