The Unseen Enemy - Protecting the Brand, the Assets and the Customers
Cyber for Beginners v2
1. Cyber Risk & Cyber Coverage
Cyber Risk Insurance is Rapidly Emerging as a
Must for Businesses Large & Small in Every
Industry, Including Community Associations!
2. Cyber Insurance
Overview
• What is Cyber Insurance?
• Why do Community Associations need
Cyber Coverage?
• Are there Different Types of Cyber Policies?
3. 1. Do you know what to do in the event of a breach?
2. How much does a breach cost?
4. What is a Breach?
• Failure to prevent unauthorized access to, or use of, electronic or
non-electronic data containing personally identifiable information (PII)
• Failure to prevent the transmission of a computer virus into a computer
network that is not rented, owned, leased by, licensed to, or under the
direct operational control of, the association or property manager
• Failure to provide any authorized user of the association or property
manager’s website or computer system with access to such website or
system
• Failure to provide notification of any actual or potential unauthorized
access to, or use of, data containing private or confidential information
of others if such notification is required by any applicable security
breach law
5. What is PII?
• “Nonpublic Personal Information”
• Medical or Health Care Information
• Private Personal Information by state
• Unique Identity Numbers – driver’s license, state ID number, SSN,
unpublished phone numbers, card numbers, passwords, PINs,
access codes
6. Calculating Costs of Breaches
1. Forensic Examination
2. Notification of Affected Third-parties
3. Call Centers
4. Credit/Identity Monitoring
5. Public Relations
6. Legal Defense
7. Fines and Penalties from Regulatory Proceedings
and PCI DSS violations
8. Comprehensive Written Information
Security Program
7. Cyber Breaches – Fact or Fiction?
1. A Cyber Breach only occurs with data stored on a computer or through
other electronic means.
The above is Fiction: In reality, paper files may also be considered
Personally Identifiable Information (PII) and, if they are not stored or
destroyed properly, may lead to a breach.
8. Insuring Agreements
Network and Information Security Liability
(3rd Party Insuring Agreement: A)
Coverage for claims arising from:
Failure to prevent unauthorized access to data, failure to provide notification
of a data breach where required by law, transmission of a computer virus, and
failure to provide authorized users with access to the company website
Claim Example: The property manager hired by an HOA experiences a data
breach involving payment card data of residents. Homeowners file a lawsuit
against the HOA and property manager for their failure to prevent
unauthorized access to this data.
9. Insuring Agreements
Regulatory Defense Expenses
(3rd Party Insuring Agreement: C)
Coverage for governmental claims made as a result of network and
information security liability or communications and media liability
Claim Example: The attorney general brings regulatory action against
the HOA and property manager for failure to protect the identity
information of residents, including an assessment of fines / penalties.
10. Insuring Agreements
Security Breach Remediation and Notification Expenses
(1st Party Insuring Agreement: E)
Coverage for costs associated with notification of individuals breached, credit
monitoring for 365 days or longer where required by law, fraud expense
reimbursement, and a call center.
- Reimbursement coverage for services provided by an Approved Service
Provider
Claim Example: As a result of the data breach, the HOA is responsible for
notifying individuals whose PII was compromised. Notification costs include:
- Legal Services to comply with specific notification / privacy laws
- Forensic Investigation
- Credit Monitoring and ID Fraud policies for affected individuals
11. Insuring Agreements
Crisis Management Event Expenses
(1st Party Insuring Agreement: D)
Coverage for public relations services to mitigate negative publicity
Claim Example: A public relations firm is hired to restore community
confidence in the HOA and property manager and to mitigate negative
publicity generated from the incident.
12. Cyber Breaches – Fact or Fiction?
2. My association is not liable for a breach since the property
management company handles all of our resident data and
information.
The above is Fiction: Associations are still ultimately responsible for
the data of their residents, even if the data is handled exclusively by the
property manager. It is important to review the management contract
for mention of who is held liable in the event of a breach.
13. Other Coverages Available
in a Standard Cyber Policy
Communications and Media Limit of Liability
Business Interruption and Additional Expenses
E-Commerce Extortion
Computer Program and Electronic Data
Restoration Expenses
Computer Fraud
Funds Transfer Fraud
14. Cyber Breaches – Fact or Fiction?
3. My association collects no personal information other than
addresses, and we are either self-managed or our property manager
doesn’t collect this information either. We have no exposure to a
breach.
The above is Fiction: If your community has a website or the property
manager provides an online portal for paying dues, there is still the
potential for a breach. Emails and newsletters infected with viruses are
also potential exposures.