Cyber Liability for Municipalities
Separate Coverage Form vs. Sublimits
Do you have a website, computer network, personal information of others, laptops, smartphones? How about employees who may accidentally or intentionally release private information of others? Have you ever thrown actual paper versions of the aforementioned information into an accessible recycle bin? The answer is often 'yes' which means you have cyber exposures and need to address them properly.
These incidents can have a considerable financial impact on a public entity, including the cost of lawsuits, crisis management and notification of the affected parties. They can also lead to a public relations nightmare. Public entities are doing more with less, facing staff cuts, greater regulatory transparency and greater public focus on tax dollars. A common belief is that: “We can handle this ourselves.”
However, truth being told, public entities would have difficulty complying with state and federal notification requirements in the event of a data breach. Would you also provide credit monitoring services, identity theft education and assistance for the affected party? Do you understand the cost to identify and remedy the breach? How about the notification requirements on the federal or local level? Will there be a cost associated with restoring public confidence?
The big examples make the news, but take a few zeroes off this example, and you'll have an idea of what even the small claims may cost. A state’s Department of Revenue announced 3.6 million Social Security numbers and 387,000 debit cards had been exposed to a cyber-attack. The state paid $12 million for credit monitoring, $5.6 million for stronger encryption, $1.3 million for notification and a $20 million loan to cover the costs. Making a few adjustments to provide an example for a very small, local community, this one scenario would likely run in excess of $300,000. With current rates, a smaller public entity might be able to buy several decades worth of cyber coverage with that money among other things for your community. It’s not a question of can you afford it, but can you afford not to have it?
We must also consider the limits you may need versus a current ‘sublimit’ of coverage currently afforded to you. You may have $25,000-100,000 for some or combined for all of the following exposures. ‘Sublimits’ are givebacks to enhance coverage, but this coverage is often not as extensive and provides a much lower limit of protection than a standalone policy.
Here’s a list of some first party coverage options to consider:
- Data restoration
- Funds transfer fraud – does this fit in your crime insurance policy?
- Security breach notification and remediation expense
- Crisis management services
- Business interruption – system is down, can’t collect bills
- Extortion expenses – hackers hold your system hostage
- Cyber Liability E-Book
- Hand It Over: The Scary Truth about Social Engineering
- Cyber & Privacy Liability Series: Part 1 Webinar Replay
- Cyber & Privacy Liability Series: Part 2 Webinar Replay
ABOUT THE AUTHOR