Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
20 Questions to ask your Cyber Carrier - Wis Banker 12-2015
1. Midwest Bankers Insurance Services (MBIS):
20 Basic Questions Community Bankers Should Ask
When Discussing Cyber Liability Protection
By Jeff Otteson
Community banks are
under heightened regulatory
pressure to safeguard their
customer’s confidential data.
Bank examiners are starting
to focus attention to the bank’s
cyber liability insurance
policy, security breach expense
coverages and security breach
contingency plans. According
to the NetDiligence 2015
Cyber Claims Study, nearly 20
percent of reported breaches
occurred within the financial
services sector.
Having a properly
structured cyber liability and
breach response expense
insurance policy has never
been more crucial given the
increased risk exposure and
various policy forms in the
marketplace. These policies
are not only written to cover
entities, but also directors and
officers. Below are 20 basic
questions bankers should be
asking when discussing cyber
liability policy protection:
1) What is our cyber liability
policy limit and retention?
Should the bank and board of
directors be named in a security
breach liability claim? Does
this limit include defense cost,
settlements and judgments?
2) Is the cyber liability
policy limit and retention in
line with banks of our asset
size, electronic banking
capabilities and board room
sensitivity to cyber liability
risk exposure?
3) Will a paid cyber
liability, electronic publishing
or security breach expense
claim erode the aggregate
directors and officers liability
policy limit for that policy
period? (Vice versa on a paid
directors and officers claim
eroding cyber liability limit)
4) Do we have coverage for
a cyber liability claim when
the claim is brought forth by
a regulatory authority? If so
is the limit the same as the
liability limit? Is regulatory
coverage defense cost only or
does it also provide coverage
for fines, penalties, judgment
and settlements?
5) Given the fact that the
two key players after a security
breach are general counsel and
a forensic evidence specialist,
would the expense of a forensic
evidence specialist be covered?
If so is this limit shared with
other expense limits and or the
liability limit?
6) What is the expense limit
if we are ordered to provide
customer notifications after
a security breach? Does this
expense limit cover voluntary
notifications?
7) What is the expense limit
to provide credit monitoring
and ID monitoring for all
affected individuals?
8) What expense limit do
we have if we need to hire a
public relations firm to help
restore our bank’s reputation
in our trade territory after we
have suffered a breach? Is this
limit shared with any other
expense limits?
9) Are the expense limits
in questions number five, six,
seven and eight shared? Do the
expense limits also share limits
with the cyber liability limit in
question number one?
10) If our bank did have
a cyber liability claim would
the insurer choose our defense
counsel, or would the bank
choose defense counsel with
insurer approval?
11) What exclusions could
come into play that could
prevent a cyber liability or
breach response expense claim
from being paid?
12) What types of data
losses are covered by the policy?
What about non-electronic data
such as paper files?
13) If a third-party
vendor that we have a written
agreement with was to suffer
a security breach and bank
customers brought a liability
claim against any insured
would we have defense and
liability coverage?
14) Do we have coverage
for electronic publishing of
material via our website or
social media? Other than
trademark and copyright
infringement, defamation,
disparagement, libel,
slander, plagiarism and
false advertising, what other
exposures are covered under
electronic publishing liability?
15) Does the cyber
liability insurer offer a cyber
risk management website that
can assist with IT policies and
procedures, latest security
breach threats, risk assessment
tools, etc.?
16) Does the policy provide
for a call center for affected
individuals to contact after data
breach? If so what services are
included at this call center?
17) Does the insurer
have prearranged agreements
in place with companies
than can assist in providing
notifications, credit report and
ID monitoring?
MIDWEST BANKERS
Insurance Services
We Protect You
from the Unexpected
» JEFF OTTESON
Vice President of Sales
jeffo@mbisllc.com
608.217.5219
» DARYLL LUND
MBIS President
dlund@wisbank.com
608.441.1203
» www.mbisllc.com «
PROFESSIONAL/SPECIALTY LINES
» Financial Institution Bond
» Excess Deposit Bond
LENDING RELATED LINES
» Mortgage Protection
» Workers Compensation
PROPERTY & CASUALTY LINES
Insurance
Insights
Jeff Otteson
MBIS
16 DECEMBER 2015
(continued on p. 17)
2. Bankers Hone Software Skills During TRID Rollout
FIPCO Forum
provides training,
tools for customers
On October 21-22, bankers
from around the state gathered
in Stevens Point to take
charge and face their bank’s
compliance challenges
head-on by participating in
the 2015 FIPCO Compliance
& Software Forum – Loan
and Mortgage. Attendees
learned valuable tips for
increasing your productivity,
profitability and compliance
proficiency. With both beginner
and advanced sessions
available, this event provided
value for both novice and
expert FIPCO software users.
Attendees also received
a plethora of information
about how to integrate the
new TRID rules into their
Compliance Concierge
software practices, as well as
updated information about the
regulation itself.
In addition, the conference
featured sessions which
focused on consumer,
commercial and agricultural
loans (from beginner to
advanced), FAQs about
Compliance Concierge, and
software tips and shortcuts
to increase efficiency. Topics
covered during the conference
were, as always, based on
feedback and requests received
by FIPCO’s customers. Several
sessions were facilitated by
members of the Wisconsin
Bankers Association Legal
Department and the FIPCO
Software Development,
Technical and Training
Departments. With exclusive
knowledge of Compliance
Concierge™ software, the
FIPCO team offers expertise
that remains unmatched in the
industry, elevating this forum
above all other events.
For more information about
FIPCO forms, software, or
other products, visit www.fipco.
com, call 800/722-3498 or
email fipcosales@fipco.com.
18) Does the policy provide
coverage for loss of business
income and extra expense due
to system interruption? If so
what is the limit, deductible
and waiting period?
19) Does the cyber
liability policy provide
payment or expenses for cyber
threats or cyber extortion?
20) What is the insurer
track record of assisting their
insureds with data breaches?
How many data breaches have
they been involved in?
Cyber liability risks
and the policies that cover
them are changing at a fast
pace. Education is key;
understanding how your policy
reacts to today’s cyber threats
is critical. You don’t want to
discover at the time of a breach
that the cyber liability policy
that was purchased does not
provide sufficient coverage.
Otteson is vice president – sales
at MBIS, a joint venture by the
Minnesota Bankers Association
and the Wisconsin Bankers As-
sociation. If you are interested
in finding out more about MBIS
or the products available please
contact Jeff at 608/217-5219 or
jeffo@mbisllc.com.
Thank You to Our
2015 Forum Sponsors:
» American Bank Systems
» Arch Mortgage Insurance
» Federal Home Loan Bank
of Chicago
» Kroll Factual Data
» Merchants Bank
Cyber Liability
(continued from p. 16)
DECEMBER 2015 17
Forum Notebooks Available
Missed the event? You can still benefit
from this helpful resource!
If you were unable to attend the Loan and Mortgage Software
& Compliance Forum, but would still like to benefit from the
information shared during the event, you’re in luck! Copies of
the 2015 conference notebook are now available. Containing
important information related to Compliance Concierge™
software, this is a must-have informational resource for your
institution. Topics covered include:
» Compliance Concierge™:
Tips and Shortcuts; Agricultural Loans & Lines of Credit;
Commercial Loans & Lines of Credit; Manufactured
Homes and HELOCs; Consumer Loans & Lines of Credit;
Admin Parameters and TRID.
» Other topics:
1003 Application Liabilities & 1008 Underwriting
Transmittal Summary; Flood Insurance; and Legal Review
– Regulatory Spotlight Focused on TRID.
For further details, or to place an order, visit www.fipco.
com or contact the FIPCO Customer Service Department at
800/722-3498, fipcosales@fipco.com.
I didn’t know...
offered a loan origination and deposit
account opening suite
FIPCO
“We are very happy with the
Compliance Concierge™
software and we have a good size
ag portfolio. We use the system for all
the documents including those that we
sell to Farmer Mac.
Karen Jorgensen l Community State Bank, Union Grove
Contact us today to schedule
a complimentary consultation.
fipcosales@fipco.com
800.722.3498
”