STANDARD KEY COVERAGE
- Full Prior Acts
- Computer crime, electronic theft & telecommunications fraud
- Social engineering coverage
- Cyber terrorism and ransom
- Programming and human error
- Pre and post breach risk management services
- Forensic costs up to the full policy limit
- Costs to cover Payment Card Industry fines and penalties
- Liability coverage extended to cloud providers and external vendors
- Reputational harm and brand reestablishment
- Voluntary notification
- Most favorable venue language
- 70/30 hammer clause
LOSS CONTROL, EDUCATION AND TRAINING
CyberPro provides crucial insurance protection and
also to responds to constantly evolving regulation and legislation regarding managing and mitigating
Cyber risk.
InterWeb Insurance partners with experts who
provide up to date advice and information to help avoid or minimize
breach events and, should such events occur, manage them appropriately and effectively.
ON-LINE LEARNING AND RESOURCES
The program includes CyberScout the leading breach response company, for data risk management. The CyberScout Learning
Management System (LMS) is an online training program that equips policyholders with
the basic knowledge they need to mitigate and manage risk and keeps them informed
of the latest legal, regulatory developments affecting their business.
CYBERSCOUT E-LEARNING TOOL
- Three separate learning modules lasting from 25-60 minutes.
- Topics on Data Security and Privacy 101; Data Risk Privacy Management; and Data Breach Forensics, Liability and Remediation.
- Material relevant to small and medium-sized businesses perceived to have low to high-risk exposure, and their employees and brokers.
- Dynamic assessments that test users with new questions every time they undertake one of the eLearning modules.
- Printed certificates upon course completion.
- Access to breach specialists to fully prepare and equip policyholders to meet regulatory response deadlines, government rules and other key steps required to protect their business from potential fines and lawsuits and to preserve their reputation.
BREACH RESPONSE WEB PORTAL
The Breach Response website enables users to:
- Prepare for the worst by sharing best practice tips, breach scenarios and a risk assessment calculator.
- Review privacy laws and guidelines for each state and province outlined in a quick summary guide.
- Develop an incident response plan
- Access the Knowledge Center for educational content, industry trends and regulatory changes.
BREACH RESPONSE SERVICES
Depending on the nature of the breach, InterWeb Insurance will connect you with a broad range of experts for the specific advice you need to
take decisive action, mitigate further loss or exposure and protect yourself.
BREACH RESPONSE
A breach counselling service is available to help evaluate the incident and to
determine whether a privacy breach has occurred. In the event of a confirmed
breach the team will help assess the severity of the event, explain breach response
requirements and share best practices to respond to the situation and mitigate further
risk to you.
NOTIFICATION EXPENSES
CyberPro provides cover for reasonable and necessary legal expenses, postage
expenses and related advertising expenses, to mitigate damage to a policyholder’s
brand and/or comply with governmental privacy legislation in the event that personal
information has, or could be, compromised. Reimbursement of all such expenses is
subject to the insurers approval.
In the event of a breach, policyholders will be guided through the process
of notifying the individuals affected, whether they are their employees, customers, or
patients. CyberPro will help policyholders determine the best method of notice
(for example, direct mail, email or media disclosure) and select the most appropriate
supplier to help you remain compliant with federal, state and regional requirements. CyberPro may also provide the
following services if relevant.
- Provision of notification letter template(s) and/or service enrollment documents;
- Management, handling, printing and mailing of letters;
- Ensure that policyholder's customer information is up to date by analyzing their
customer address database against multiple national databases (such as Coding
Accuracy Account System (CAAS), National Change of Address (NCOA), and
Locatable Address Conversion System (LACS);
- Identify incorrect contact information and resolve; or establish alternative
notification methods to ensure that as many of the policyholders customers as
possible are notified;
- Return mail handling, reporting and additional address changing. Printing and mailing
of notification letters for returned mail when new addresses are available;
- Advertising Services.
EVENT MANAGEMENT SERVICES
Where applicable, and if policyholders reasonably consider that they need to avert or
mitigate damage to their brand following a covered event, reasonable and necessary fees
for hiring a public relations consultant will be covered subject to insurer's agreement.
CyberPro will work with policyholders to appoint a public relations consultant to interact
with the public and media and protect their company’s reputation after an incident. In
many cases CyberPro will consider hiring a local firm or one that policyholders have worked
with previously, subject to the right experience and expertise.
For policyholders larger customers with international operations CyberPro has worked with
Fleishman Hillard and Edelman Canada.
ADDITIONAL COVERAGE
- Business interruption and data restoration coverage extension to external vendors
- Notification costs outside of policy limits
- Media coverage extended to physical products
- Contingent bodily injury/property damage
- Deductible waiver
FORENSIC AUDITING
Under the CyberPro Network Interruption and Recovery module, cover is provided
for the costs of hiring appropriate forensic auditors to review all details relating to a
breach and to determine the cause and extent of any theft or unauthorized disclosure
of information. This may involve digital and network investigations of hacking incidents,
lost and stolen property, Cyber extortion, database fraud, offensive communication, and
other risks. Through appropriate forensic investigation the existence, cause and impact
of the event may be established, together with the extent to which there may have been
unauthorized access or disclosure. All necessary steps to prevent future breaches can
also be identified.
In conjunction with CyberScout, CyberPro will identify experts to
investigate an event and where they need to be PCI approved. We currently work with
firms including, but not limited to, the following:
- Crypsis
- Kivu
- Fire Eye Mandiant
- Kroll
SUPPORT, CREDIT AND IDENTITY THEFT SERVICES
To mitigate the impact on policyholder’s customers following an actual or potential compromise of personal information, it may be necessary to deploy certain identity and/or credit management and monitoring services. This is to ensure compliance with certain federal, state and regional requirements and/or provide additional protection and security to affected individuals. These services may include:
- Credit file review and report translation, interpreting policyholder’s customer credit files and reports and helping them understand the data.
- Activation of fraud alerts, to notify potential creditors or lenders to individuals/entities that may be victims of identity theft.
- Monitoring policyholder’s customer credit and/or personal data, which may include but is not limited to, multiple bureau credit reporting or monitoring, court records monitoring, change of address monitoring, social security number tracing, payday monitoring and/or cyber monitoring.
- Promptly alerting individuals of changes detected through monitoring services, such as new credit applications, new financial accounts, credit enquiries or loans.
- Provide individuals with access to electronic education and alerts via email.
- Assistance in creating a customer affidavit in the event of fraud.
- Dedicated fraud specialists working to gather evidence and help creditors reduce damages and resolve identity theft events. This includes follow up to include tracking of activity and steps taken to resolve the issue.
- Systematic notification to any relevant government and private agencies (including but not limited to Social Security Administration, Internal Revenue Service, Department of Motor Vehicles, Federal Trade Commission, Attorney General Office, Financial Institutions, Check Systems, Collection Agencies).
- Assistance with credit file freezes (in States where it is available and in situations where it is warranted).
- In the event an affected victim is the subject of a complex identity theft or financial fraud scheme, further investigation and action that goes beyond routine remediation activities may be necessary.
All of the above services can be provided through CyberScout and/or other agreed providers, as required by the nature and details of the breach.
CALL HANDLING SERVICES
These services may be provided by CyberScout or providers selected in consultation with policyholders depending on the specific requirements and nature of the breach. This will provide policyholders customers with a point of contact to obtain information relating to the breach, how it could potentially affect them and pre-agreed related information.
Depending on the specific breach and the providers selected to handle it, these services may include:
- Working with policyholders towards scripted responses via FAQs from customer service representatives to affected parties, including information regarding the breach. For matters not addressed within the pre-approved FAQs, queries may be redirected to policyholder. Experienced fraud specialists can answer questions about the notification letter, calm fears and provide pre-approved remediation services such as placing fraud alerts or enrolling breach victims in credit monitoring.
- Calls answered in line with established service levels.
- Toll-free access for breach notification recipients.
- Support for English, Spanish and other languages.
- Unlimited one-on-one access to a dedicated fraud specialist.
- Identification of groups that may need special call handling (i.e., the elderly, minors,
foreign language, etc.).
- Reporting capabilities, which may include number of calls received, duration of the
calls, calls abandoned, top 10 most frequently asked questions, type of information
requested, number of individuals with a true identity theft, type of identity theft and
resolution assistance provided.
LEGAL SERVICES
In the event that legal advice is required, CyberPro's works with many of the best privacy
lawyers in their capacity as breach coaches and defense counsel; providing advice on
the best course of action to take and how to comply with the applicable Breach Notice
Laws and other credit card related regulations.
Our experience shows that it is imperative to have the right experts and professionals
acting as breach coaches and defense counsel and that they have a successful track
record in handling matters with state AGs.