04/18/2022
Cyber Security Coverage - We have Errors and Omissions insurance. Isn’t that enough??
NO, An E&O/Professional Liability policy only covers loss due to damages resulting from the failure to provide professional services, negligence, preventable mistakes, incompetent work, and other professional errors. If a Title agent suffers a cyber-attack with only E&O in place, they will not have coverage for a significant portion of their actual expenses.
Errors & Omissions covers only the legal costs associated with a lawsuit, including attorney’s fees, court judgments, and, in some cases, settlements. This is considered third-party coverage, i.e., costs brought on by the action of third parties; clients, vendors, and government agencies.
This is why nearly every Title agent needs both E&O and Cyber Security Insurance coverages to prevent financial ruin after a cyber-attack.
Cyber Liability policies can also include other kinds of coverage:
1. Media liability, which covers costs stemming from violations of intellectual property, trademarks, and copyrights, as well as slander and libel.
2. Privacy is another common area for cyber liability coverage, though it covers offline data loss, too. In these cases, privacy insurance can cover costs associated with missing physical files, lost laptops, or even sending private information to the wrong e-mail address.
3. Social Engineering Fraud can be covered under two different areas a Crime Policy and/or Cyber Liability Policy.
Cyber Policy vs. Crime Policy
It may seem counterintuitive, but social engineering fraud is not always covered by a crime-policy. Even though this fraud often involves emails and wire transfers, all cyber policies are not designed to cover them either. As cyber criminals and their tactics become more complex, the majority of cyber and cyber-crime attacks are executed via social engineering.
Crime policies cover the direct loss of your funds, whether through maleficence, employee dishonesty or social engineering.
Cyber policies cover economic damages arising through a failure of network security or privacy controls which may cause indirect losses. They cover losses that result from unauthorized data breaches or system failures.
Areas of Risk To Be Aware Of
1. Computer fraud: This is a loss stemming from the unlawful theft of money due to a “computer violation” or in easier terms – it is the unauthorized entry into or deletion of data from a computer system by a third party. This could include engaging in data mining via spyware and malware or sending computer viruses with the intent to destroy or ruin another party’s computer or system.
2. Funds transfer fraud: This is a loss that caused by fraudulent instructions to transfer funds made without the insured’s knowledge or consent. This can happen by fraudsters gaining login credentials in order to access protected accounts.
Tips when shopping for Cyber insurance:
1. Cyber policies are not all the same. It is important to speak with a broker that knows the Title industry.
2. It is not a good idea to base your decision on price. Keep in mind, most of the time, the cheaper the coverage, you most likely have less coverage than you may think.
3. Check the policy coverages limits – know what covered and know what is not covered
4. Read the exclusions page: This spells out what is NOT covered.
Key Words to Know When Choosing the Correct Coverage:
Network Security: Insurance against cyber-attacks and hacking attacks.
Theft and fraud: Cover destruction or loss of the policyholder’s data as the result of a criminal or fraudulent cyber event, including theft and transfer of funds.
Forensic investigation: Covers the legal, technical, or forensic services necessary to assess whether a cyber-attack has occurred, to assess the impact of the attack, and to stop an attack.
Business interruption: Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber-event or data loss.
Social Engineering: is the non-technical cyber strategy that relies on tricking people into breaking standard security practices by manipulating victims into performing various actions or providing confidential information. Social engineering fraud (SEF) is a type of fraud that’s become increasingly common over the last several years, with a large majority of this fraud transpiring over email communications.
Cyber extortion and ransomware: Provides coverage for the costs associated with the investigation of threats to commit cyber-attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information.
Reputation Insurance: Insurance against reputation attacks and cyber defamation.
Computer data loss and restoration. Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software, or other information destroyed or damaged as the result of a cyber-attack.
Information Privacy. Covers organizational liabilities arising from actual or alleged non-compliance with any worldwide cyber, information privacy, or identity-related regulation, statute, or the law. For example, this coverage part would cover an organization's legal defense, and ultimate monetary settlement, resulting from a regulatory claim alleging such organization was non-compliant with any covered privacy regulation
Bricking- Bricking refers to a consumer electronic device that has been damaged beyond repair, making it utterly unusable, often because of damaged firmware, malicious or incorrect software. once they are rendered inoperative, they are virtually useless except as a paperweight or a doorstop
Insurance and recovery process: Coverage for business interruption loss under cyber insurance policies is becoming more prescriptive, the language in most insurance policies is still somewhat open ended and subject to competing interpretations. Most business interruption coverage includes a waiting period of a certain number of hours and a requirement that net profit or loss, charges and expenses be calculated on an hourly basis. It’s important to recognize that cyber insurance policies provide for the recovery of lost net profits and mitigation costs, as well as continuing expenses, such as employee salaries.
