The League Association of Risk Management (LARM) is now providing Cyber Liability Coverage for its 164 members across Nebraska.
“We know how much government entities rely on their computer networks for ready access to billing, water service, employee records and much more. Unfortunately, those networks are susceptible to hackers who, in some instances, install ransomware requiring payment to reliquish control of the networks. LARM board members recognize that cyber liability coverage is vital to our members and voted to include this as part of our coverage,” said Mike Nolan, LARM Executive Director.
The number of cyber incidents involving government agencies jumped 35 percent between 2010 and 2013, from roughly 34,000 to about 46,000, according to a report by the Government Accountability Office. Currently the Department of Homeland Security stresses that, for national security, members of the private and government sectors purchase cybersecurity insurance.
“There are a variety of risk exposures a government entity has that comes with using computers, email and the Internet. An employee may bring a virus infected thumb drive to work that infects all of the office computers. Because of that breach, not only can sensitive information be altered, corrupted, destroyed, or deleted, credit card and social security number information from citizens can be taken. An inadvertent click on a web page may be all that it takes for a system to become unusable,” Nolan said.
The first part of the new LARM cyber liability coverage includes breach notification so that if a member has a breach to its computer system, the insurance will cover the cost of notifying customers.
The second part of the coverage provides Privacy Breach Response Services which includes Legal Services (for assistance with statutory notification requirements), Computer Expert Services/Forensics (to determine cause and remedy), and Public Relations and Crisis Management (to calm any public fears related to release of personal information).
The third part of the coverage involves Information Security and Privacy (ex: if the member is sued for damages due to breach of personal information). This would also include: Regulatory Defense and Penalties Aggregate (if state regulators assert state requirements were not met); Website Media and Content Liability (ex: A member posts a photo they liked to their Facebook/Twitter/Instagram account and the photographer sues the member for copyright violation); PCI Fines, Expenses and Costs Aggregate Sublimit (If a member is not Payment Card Industry compliant, and accepts credit cards, they can be fined by their processing bank if the card data is compromised) and Cyber Extortion (Someone “hacks” into the system, freezes it, and demands a ransom to release it back. This would trigger forensics and potentially other coverages depending on the nature of the unauthorized access.)
“It’s vital for cities to train their employees about good cyber safety practices and to protect and monitor information stored on office computers. If a breach occurs, LARM is behind you with cyber safety coverage to help you operate smoothly and safely again,” Nolan said.
As part of the cyber liability coverage, members will have access to a site on cybersafety at breachsolutions.com with tips on cybersafety. For more information, contact LARM Customer Service at 402-742-2604.
PROPERTY COVERAGE DOCUMENT
COMPREHENSIVE CRIME COVERAGE PART
Members are afforded $50,000 Crime Limit. Please see Section V of the LARM Property Coverage Document for all terms and conditions regarding this coverage extension.
LIABILITY COVERAGE DOCUMENT
A. Policy Aggregate Limit of Liability
• For all Damages, Claims Expense, Penalties & PCI Fines, Expenses
and Costs $500,000
• Aggregate Sublimit of Liability applicable to Insuring Agreement C
(Regulatory & Defense Penalties) $500,000
• Aggregate sublimit applicable to Insuring Agreement E
(PCI Fines, Expense and Costs) $500,000
B. Limits of Coverage for Privacy Breach Response Services
• Notified Individuals Limit of Coverage $150,000
o A sublimit of up to 10% of the Notified Individuals Limit of
Coverage applies to Notified Individuals residing outside of
the United States, which amount is part of and not in addition
to the Notified Individuals Limit of Coverage
• Aggregate Limit of Coverage for all Computer Expert Services, Legal
Services and Public Relations and Crisis Management Expenses combined:
o Coverage for all Privacy Breach Response Services is separate
from and in addition to the Policy Aggregate Limit of Liability.