
Public entities are increasingly vulnerable to cyber threats, and the stakes go beyond protecting their systems to include their reputation and finances.
Cyber insurance can provide financial protection against cyber attacks, with some policies offering up to $100 million in coverage.
The cost of cyber insurance can vary widely, from a few thousand dollars to tens of thousands, depending on the entity's size, industry, and risk factors.
Public entities need to carefully consider their cyber insurance needs, taking into account their unique risks and vulnerabilities.
What Is
Cyber insurance for public entities is a specialized type of insurance that helps protect governments and public organizations from financial losses due to cyber-attacks.
It's a rapidly growing market, with the global cyber insurance market projected to reach $20 billion by 2025.
Public entities are increasingly vulnerable to cyber-attacks, with 70% of government agencies experiencing a data breach in the past year.
This is due in part to the increasing use of technology in government services, which creates new vulnerabilities.
Cyber insurance can help public entities cover the costs of responding to a cyber-attack, including notifying affected parties, providing credit monitoring, and paying for forensic analysis.
The average cost of a data breach for a government agency is $3.9 million.
Coverage and Liability
Cyber insurance for public entities provides critical coverage against data breaches and other cyber-related risks.
Cyber insurance policies typically cover media in the control of others, including unencrypted media in the care or control of third-party processors. They also typically cover events that occurred during the policy period but were discovered after the policy period expired.
The types of data covered by cyber liability insurance include personal health information (PHI), personally identifiable information (PII), and confidential third-party/research information. Cyber insurance policies may also extend coverage to data hosting, outsourced electronic processing, or data storage.
Here is a breakdown of what is covered with cyber risk insurance:
- Data breach or distributed denial-of-service (DDoS) attack that brings down your network
- Malware infection that spreads through devices connected to your network, making it impossible to operate
- Extortion demands made by bad actors holding sensitive information they are threatening to expose
- Ransomware demands that lock up devices and threaten to leak sensitive data
- Business-email compromise resulting in sharing sensitive information
- Liabilities associated with contractual obligations, including payment card industry (PCI) fines and penalties
- Defending against class-action lawsuits and paying settlements
- Legal expenses, fines, and penalties associated with regulatory investigations
- Lost business profits, accrued expenses, and extra costs while actively experiencing a cyber incident, whether due to a malicious hack or human error
- Media liability associated with infringement and other content that is electronically disseminated
- Losses due to social engineering fraud that tricks you or your employees into sending funds you shouldn't have
- Business profit lost due to reputational damage to your brand following a publicized cyber attack
What is Risk?
Risk is the potential for financial harm to an organization from the failure or disruption of its computer systems, which can include a wide range of IT systems.
Cyber risk is a major concern for colleges and universities, whose culture of openness and information sharing makes them highly susceptible to it. Insurers view them as a treasure trove of confidential information.
Data breaches can lead to high-visibility problems such as identity theft, electronic stalking, compromise of health data, theft of intellectual property, and other liabilities. This is why institutions are at risk of losing income or incurring extra expenses due to cyber attacks.
In 2018, the FBI received 351,937 complaints, a new all-time high. The number of complaints jumped to 467,361 in 2019, a roughly 33% increase over 2018.
Phishing scams, non-payment/non-delivery scams, and extortion (ransomware) are the three major types of attacks reported to the FBI. These types of attacks can have a significant impact on an institution's operations and finances.
Data Covered by Liability
Personal health information (PHI) is a type of data that is protected by cyber insurance policies. PHI includes any information that contains individually identifiable health information, such as health status, provision of healthcare, or payment for healthcare.
Personally identifiable information (PII) is another type of data that is covered by cyber insurance policies. PII includes information that permits the identity of an individual to be reasonably inferred, such as name, address, telephone number, Social Security number, account numbers, account balances, account histories, and passwords.
Confidential third-party/research information is also covered by cyber insurance policies. This includes sensitive information in the care, custody, or control of an insured, such as trade secrets, designs, forecasts, methods, formulas, and records.
Data hosting, outsourced electronic processing, or data storage are also covered by cyber insurance policies. This includes organizations that rely on third parties, such as cloud providers and data centers, to perform critical business functions.
Here is a list of data types covered by cyber liability insurance:
- Personal health information (PHI)
- Personally identifiable information (PII)
- Confidential third-party/research information
- Data hosting, outsourced electronic processing, or data storage
Public Entities and Cyber Insurance
Public entities, like all businesses, are vulnerable to cyber threats that can have serious consequences. Data breaches, malware infections, and ransomware demands can bring down your network and lock up devices, making it impossible to operate.
Having a robust security posture in place, such as using multi-factor authentication and a password manager, can lower your insurance premium or deductible. This is because robust controls and security practices can mitigate the risk of a cyber attack.
Public Entities as Attractive Targets
Public entities make attractive targets for cyber criminals due to the sensitive information they store and their reliance on online systems. Municipalities and public entities often store personal information, tax records, and other sensitive data that can be sold on the black market.
Hackers seek out public entities because they are likely to hold valuable information and to rely heavily on their online systems. For example, a ransomware attack on the New York City government's systems could freeze their systems for a week, causing taxes to go uncollected, court cases to go unscheduled, and law enforcement to go undispatched.
Public entities are also vulnerable to hacktivist attacks, which occur when cyber criminals use hacking as social or political activism. This can be a concern for public entities that have passed controversial laws or have enemies who are skilled hackers.
State-sponsored attacks are another concern for public entities, as they can be targeted by hostile governments who seek to cripple their infrastructure, collect secret intelligence, or steal money.
Here are some common cyber threats to public entities:
- Ransomware attacks, which occur when a cyber criminal installs malware that controls and disrupts their target's files
- Hacktivist attacks, which occur when cyber criminals use hacking as social or political activism
- State-sponsored attacks, which occur when a hostile government leverages hacking to cripple another country's infrastructure
These threats can have serious consequences, including the loss of sensitive information, disruption of critical services, and damage to a public entity's reputation.
In-House Expertise
Our team of dedicated cyber specialists has industry-leading expertise and knowledge on how cyber exposures can affect public entities.
We make sure you have the right protection while also offering hands-on value-added services.
You can connect with our cyber specialists by calling 1-800-265-4000 or emailing [email protected].
If you become aware of a cyber incident that may give rise to a claim or potential claim, you have access to a 24/7 Incident Hotline.
Please carefully review your cyber policy to identify the Subscribing Partner.
Claim Process Essentials for Institutions
When handling a cyber claim, three parties are typically involved: the insured organization's defense counsel, broker claims assistance, and the insurer's claims team.
The organization's insurance broker provides related assistance and advocacy, and assists with settlement strategies and responding to coverage questions.
A major factor for organizations when deciding between insurers is claims-paying history.
Inadvertent mishandling of a cyber event by the institution usually won't void insurance, but best practices dictate engaging the insurance company in the process of addressing the event.
The insurance company may urge certain strategies, but its ability to mandate is a function of its willingness to continue as the insurer and whether the market provides the insurer leverage.
In some cases, an institution may want to act out of a sense of doing what is right or to reduce potential liability, even if it has no legal requirement to act.
The cost of these actions may be covered by insurance, even if they are not legally required.
Coverage Highlights
Public entities can benefit from cyber insurance coverage that protects against a wide range of cyber incidents, including data breaches and ransomware attacks.
Cyber insurance policies can cover media in the control of others, including unencrypted media in the care or control of third-party processors.
Data hosting, outsourced electronic processing, or data storage are also covered under cyber insurance policies, which may extend to a computer system operated by a third-party for the benefit of the insured.
Coverage under a cyber insurance policy may include events occurring during the policy period but discovered afterward, under a "claims made and reported form."
Cyber insurance policies can also cover errors and omissions—negligence or breach of contract, including legal defense costs or indemnification resulting from a lawsuit or dispute with customers.
Comprehensive cyber insurance coverage is available with all-inclusive limits of up to $1,000,000 for standard coverage; higher limits and optional coverage are offered based upon your particular profile.