Cyber Risk & Cyber Coverage

Cyber Risk Insurance is Rapidly Emerging as a

Must for Businesses Large & Small in Every

Industry, Including Community Associations!

Cyber Insurance Overview

• What is Cyber Insurance?

• Why do Community Associations needCyber Coverage?

• Are there Different Types of Cyber Policies?

1. Do you know what to do in the event of a breach?2. How much does a breach cost?

What is a Breach?• Failure to prevent unauthorized access to, or use of, electronic or non-

electronic data containing personal identifiable information (PII)

• Failure to prevent the transmission of a computer virus into a computer network that is not rented, owned, leased by, licensed to, or under the direct operational control of, the association or property manager

• Failure to provide any authorized user of the association or property manager’s website or computer system with access to such website or system

• Failure to provide notification of any actual or potential unauthorized access to, or use of, data containing private or confidential information of others if such notification is required by any applicable security breach law

• “Nonpublic Personal Information”

• Medical or Health Care Information

• Private Personal Information by state

• Unique Identity Numbers – driver’s license, state ID number, SSN, unpublished phone numbers, card numbers, passwords, PINs, access codes

What is PII?

Calculating Costs of Breaches1. Forensic Examination2. Notification of Affected Third-parties3. Call Centers4. Credit/Identity Monitoring5. Public Relations6. Legal Defense7. Fines and Penalties from Regulatory Proceedings

and PCI DSS violations8. Comprehensive Written Information

Security Program

Cyber Breaches – Fact or Fiction?1. A Cyber Breach only occurs with data stored on a computer or through

other electronic means.

The above is Fiction: In reality, paper files may also be considered Personal Identifiable Information (PII) and if they are not stored or destroyed properly, may lead to a breach.

Insuring AgreementsNetwork and Information Security Liability (3rd Party Insuring Agreement: A)

Coverage for claims arising from:

Failure to prevent unauthorized access to data, failure to provide notification of a data breach where required by law, transmission of a computer virus, and failure to provide authorized users with access to the company website

Claim Example: The property manager hired by a HOA experiences a data breach involving payment card data of residents. Homeowners file a lawsuit against the HOA and Property Manager for their failure to prevent unauthorized access to this data.

8

Insuring Agreements

9

Regulatory Defense Expenses (3rd Party Insuring Agreement: C)

Coverage for governmental claims made as a result of network and information security liability or communications and media liability

Claim Example: The attorney general brings regulatory action againstthe HOA and Property manager for failure to protect the identityinformation of residents, including an assessment of fines / penalties.

Insuring Agreements

10

Security Breach Remediation and Notification Expenses (1st Party Insuring Agreement: E)

Coverage for costs associated with notification of individuals breached, credit monitoring for 365 days or longer where required by law, fraud expense reimbursement, and a call center.- Reimbursement coverage for services provided by an Approved Service

Provider

Claim Example: As a result of the data breach, the HOA is responsible for notifying individuals whose PII was compromised. Notification costs include:- Legal Services to comply with specific notification / privacy laws- Forensic Investigation- Credit Monitoring and ID Fraud policies for affected individuals

10

Insuring Agreements

11

Crisis Management Event Expenses (1st Party Insuring Agreement: D)

Coverage for public relations services to mitigate negative publicity

Claim Example: A public relations firm is hired to restore community confidence in the HOA and property manager and to mitigate negative publicity generated from the incident

11

Cyber Breaches – Fact or Fiction?

2. My association is not liable for a breach since the property management company handles all of our resident data and information.

The above is Fiction: Associations are still ultimately responsible for the data of its residents, even if the data is handled exclusively by the property manager. It is important to review the management contract for mention of who is held liable in the event of a breach.

Other Coverages Availablein a Standard Cyber Policy

Communications and Media Limit of Liability Business Interruption and Additional Expenses E-Commerce Extortion Computer Program and Electronic Data

Restoration Expenses Computer Fraud Funds Transfer Fraud

13

Cyber Breaches – Fact or Fiction?

3. My association collects no personal information other than addresses, and we are either self-managed or our property manager doesn’t collect this information either. We have no exposure to a breach.

The above is Fiction: If your community has a website or the property manager provides an online portal for paying dues, there is still the potential for a breach. Emails and newsletters infected with viruses are also potential exposures.

Q & A15