#7 insurance
TRANSCRIPT
What do you want? What do you need? What’s available? How much can you actually get? How much does it really cost?
Kimberly K. Ferenchak, Vice-PresidentOswald Companies
Robert A. Cutbirth, Esq.Tucker Ellis LLP
Insurance – Buying the Right Coverage
OSWALD LOGO
Insurance … The Trends
Justifications for Not Buying
• “Our company isn’t large enough to be a target for hackers and data thieves.”
• Disgruntled Employees/Accidental Disclosures
• “We have (or believe we have) coverage through CGL/E&O/D&O Policy”
• New Data Breach Exclusions for CGL• Limited Scope
• “We outsource data functions to third party vendors; this is their problem”
• Nondelegable Duty/Contractual and Coverage Limitations
“Incentives” to Promote Change?
• Contractual Requirements– New Client/Vendor Requirements
• Major Financial Risks– The Risk Exposures are Significant
• New Standards of Liability– New Laws and Regulations
• New Levels of Board Awareness/Corporate Governance Standards
First Party Insurance ElementsFirst Party Coverages (Losses/expenses incurred by insured)• Event Management Expense: Coverage for notification costs, credit
monitoring/restoration services, legal assistance, forensic investigation costs, and costs to hire PR firm to minimize harm
• Cyber Extortion: Costs incurred to investigate and terminate an extortion threat to commit an intentional computer attack against the insured
• Information Asset: Covers replacement costs as a result of damage to or theft of insured’s information assets due to a covered computer attack (Data Restoration)
• Business Interruption: Coverage for loss (costs and lost income) in the wake of a computer attack that interrupts or suspends your business
Third Party Insurance ElementsThird Party Liability (Defense of Claims/Damages Owed To Others)
• Network Security Liability: Coverage for damages and defense costs resulting from breaches in network security; i.e., computer virus, unauthorized access, denial-of service, identity theft
• Privacy Liability: Coverage for failure to protect or wrongful disclosure of PI or PHI, whether or not due to failure of network security
• Privacy Regulatory Proceeding Coverage: Covers costs resulting from civil, administrative or regulatory proceedings alleging violation of privacy laws
• Electronic (Website) Media Liability Coverage: Coverage for content-based injuries such as libel, slander, defamation, copyright
Gaps in Traditional Coverage
D&O Property/GL Crime/Bond
Privacy & Security
Claim ScenarioPersonal Injury Coverage for defined
acts, including libel, slander, or publication of material in violation of a persons right to privacy
Legal liability only; Electronic platforms (i.e.: Internet, chat rooms, blogs, etc.) are typically excluded
No coverage Can offer defense and damages for libel, slander, disparagement, invasion of privacy (including electronic platforms)
Intellectual Property
No exclusion for individual insureds; Entity exclusion may provide carve-back for “publisher wrongful acts”
Must be in the course of advertising; No coverage for patent or trade secrets
No coverage Coverage available for trade secrets and other intellectual property exposures
Gaps in Traditional CoverageD&O Property/GL Crime/
BondPrivacy & Security
Claim ScenarioNotification of Security Breach
No coverage No coverage No coverage Coverage available (subject to carrier differentiators)
Credit Monitoring Fees
No coverage No coverage No coverage Coverage available (subject to carrier differentiators)
Crisis Management
No coverage No coverage No coverage Coverage available (subject to carrier differentiators)
Gaps in Traditional CoverageD&O Property/GL Crime/
BondPrivacy & Security
Claim ScenarioRegulatory Proceedings/ Fines/Penalties
Fines/penalties generally excluded; HIPAA sublimit provided
No coverage No coverage Coverage available for privacy-related regulatory actions, defense costs, fines & penalties
Theft of Client Money, Securities, or Property
No coverage No coverage Coverage available for assets only; No coverage for liabilities resulting from ID theft
Coverage available for liabilities resulting from ID theft
Business Interruption / Extra Expense
No coverage Coverage available for non-network/ privacy losses
No coverage Coverage available for network/privacy losses
The Costs and Underwriting Requirements• Costs
– Generally run 1% to 5% of the Limit of Liabilitydepending on: • Scope of Coverage• Business Risk (e.g., Medical vs. Mfrg. vs. Law Firm, etc.)• Risk Management Assessments and Preventative Measures
• Underwriting Requirements and Standards– Must Usually Demonstrate “Prudent Risk Management”– Underwriting Questions/Investigations are Becoming
More Significant and Sophisticated
Underwriting Reviews• Current and Complete Business Policies (Employee
Confidentiality/IT Acceptable Use Policies/Social Media Policies)
• Contracts – Internal and External Reviews• IT Systems Review (Updates/Passwords/PDA Standards/Data
Encryption/“Cloud” Storage)
• Physical Location Inspections (Physical Access/Natural Risks)
• HIPAA/HITECH, etc., Compliance (Updated Bus. Assoc. Agmts; Equipment Reviews)
• Personnel Records Management (Access/Storage)
• Employee Training/Standards of Education
Brokers and Counsel – “Risk Management”/“Underwriting Reviews”
• Contract Reviews– Proper Indemnity & Insurance Provisions– Security/Data Protection Standards
• Policy Reviews and Development– Updated and Appropriate Policies– Clear and Enforceable (Personnel and Defense Standards)
• Process & Procedure Reviews – the “How Do I …”– Negotiate Contract Terms– Train Employees– Maintain Quality Control/Checks and Balances
This presentation is not intended to give legal or regulatory advice. The information presented in this Presentation is for
preliminary information purposes only; it is not intended to be a complete description of all legal risks or exposures , or potential
insurance solutions.. Any coverage actually afforded by potential polices described herein is subject to, and governed by, the terms
and conditions of each policy that may be issued, with different insurers providing different coverage terms.
Kimberly K. FerenchakVice PresidentPractice Leader, P&C Executive Risk216.367.4942 [email protected]
Oswald Companies1100 Superior Avenue, Suite 1500 Cleveland, OH 44114
Robert A. CutbirthAttorney, Insurance, Labor and Data Security/Privacy415.617.2235 [email protected]
Tucker Ellis LLPOne Market PlazaSteuart Tower, Suite 700San Francisco, CA 94105
QUESTIONS?