FEATURE sTOrY the cyber and privacy liability insurance Application A KEY STEP IN GETTING THE BEST PLAN FOR YOU By Gamelah Palagonia, CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ Editor’s note: The following is the conclusion of a series of articles from Gamelah Palagonia about cyber liability insurance. t he application process is a critical step in obtaining cyber and privacy liability insurance. The following are key items to consider when you apply for this type of insurance. The insurance application process often includes many questions about organizational compliance, internal procedures, hiring processes, employee privacy, training/awareness programs, physical security, IT security protocols, claims history, and many other items. When responding to these questions, make sure all stakeholders are involved, including IT, human resources, audit, compliance, and marketing personnel. The application becomes part of the insurance contract, and in most cases, it is considered a warranty or a guarantee that the statements made by the organization on the application are true and correct. The application serves as the underwriter’s “risk assessment,” as the insurer accepts risk based on representations made by the applicant in exchange for a premium. If the application does not reflect the proper risk or the insured's representations were not correct, insurers have the right to deny coverage, rescind the policy, or charge an additional premium. For example, certain policies may contain the following type of exclusion: “any security breach resulting from the knowing and intentional failure of the insured to maintain security systems equal or superior to those disclosed in the application for insurance, or the failure of the insured to use best efforts to install or implement commercially available updates to such security systems.” policy terms, conditions, and exclusions There is no one-size-fits-all cyber and privacy liability insurance product. This type of insurance program should be tailored to the size of the organization, its industry sector, and its particular compliance requirements. Presently, each cyber and privacy liability insurer has its own proprietary policy form, because there is no industry standard. The policy terms, conditions, and exclusions can differ drastically among insurers – an insurance broker can help you make sense of these differences. an experienced insurance broker should be able to compare each insurer’s proposal, policy terms, conditions, and exclusions to determine which option is best for the client’s specific exposures and data security and privacy compliance requirements. Businesses can no longer take a reactive approach to cyber and privacy risk management. due to escalating cybercrime, privacy threats, and evolving legislation, businesses of all sizes should prepare for data breaches in advance and have an executable incident response plan in place. Buyers need to be aware of the potential pitfalls of buying insurance “shelf products” at the lowest premiums, as doing so may lead to major unanticipated expenses, delays, and problems when breaches occur and claims are made. Cyber and privacy liability insurance is a specialty product that requires expertise. Therefore, it is very important for businesses to select an insurance broker and insurer that concentrate on cyber and privacy risks with dynamic claims management services to effectively transfer their loss exposures and risk of financial harm to the insurance carrier. Gamelah Palagonia, founder of Privacy Professionals LLC, brings over 30 years of risk management and insurance brokerage experience. She is one of the first insurance professionals to specialize in online media, intellectual property, technology errors and omissions liability, and cyber risks. THe jOurNaL OF THe HeaLTHCare BILLINg aNd maNagemeNT assOCIaTION 25
Billing_JanFeb15
To see the actual publication please follow the link above