Page 20

Billing_NovDec14

and services (discussed later).

Payment Card Industry Data Security Standard (PCI DSS) Violation Coverage: Covers monetary fines or penalties resulting from the failure to comply with PCI DSS requirements.

Regulatory Fines and Penalties: Covers monetary fines or penalties resulting from the failure to comply with state or federal laws.

Network Extortion: Covers extortion monies and associated expenses that arise from a criminal threat to release sensitive information or bring down a network, unless such consideration is paid.

Business Interruption: Indemnification for loss of income and incurred extra expenses that arise from a network security breach that occurs on the policyholder’s systems.

Digital Asset Loss: Indemnification for costs to re-create, re-build, or re-collect digital information assets that were directly damaged as a result of a network security breach that occurs on the policyholder’s systems.

Sync the Incident Response Plan to the Insurance Policy

The incident response plan is another crucial aspect of cyber and privacy liability insurance. Many insurers offer prearranged incident response services in the form of a data breach team – also called an incident response team – which is a group of preapproved vendors that must be utilized in the event of a data breach. Other insurers offer their policyholders the choice of vendors with their prior written consent. It is crucial to be aware of what your insurer offers. Failure to properly provide notice of claim to the insurer and gain its written consent to utilize response vendors can lead to uninsured claims and can compromise coverage. You can avoid this by syncing the incident response plan with the insurance program and gaining the insurer’s prior written consent as part of the application process before coverage is purchased.
Teamwork is Key to Incident Response

A seamless incident response plan incorporates all stakeholders, internal and external, including the insurance broker, insurer, and the insurers’ service providers. The data breach or incident response team is a crucial component of the incident response plan. This team includes prearranged incident response service providers, including:

• A data breach legal advisor to provide immediate legal triage and direction, typically offered at no retention or deductible;
• A forensic investigator to determine the nature and scope of the incident, take immediate steps to contain it, and ensure that forensic evidence is not accidentally ruined;
• Public relations or crisis management specialists to assist with brand damage containment, media communications, and press releases;
• Notification and call center vendors to assist with providing notice to affected individuals and handle customer service calls from users of the compromised data; and
• Credit monitoring or credit-fraud remediation services to provide impacted individuals with credit monitoring or credit remediation services.

Purchasing cyber and privacy liability insurance is a crucial step in protecting yourself from data breaches. By reviewing the information here, you will be armed with a basic understanding of what this insurance covers, which can help you make the right decisions for your business. In the next issue of Billing, we will conclude the series on cyber and privacy liability insurance by discussing the importance of the application process.

Gamelah Palagonia, founder of Privacy Professionals LLC, brings over 30 years of risk management and insurance brokerage experience. She is one of the first insurance professionals to specialize in online media, intellectual property, technology errors and omissions liability, and cyber risks.

20 HBMA Billing • November.December.2014

