What is Cyber Insurance?
Cyber threats are commonplace today, and community associations and their boards of directors must make data security a top priority. Failure to do so could result in board members being held liable to owners for negligence for any losses stemming from a breach.
Cyber liability insurance, as the name suggests, insulates your company or organization from damages incurred during a security incident. The idea is that you shift some of the risk to the insurance company. There is a second form of cyber insurance, which is for individuals instead of companies. Individual cyber insurance is aimed more at combating identity theft. For the sake of this discussion, we’re talking about cyber policies for community associations, in other words, Condominium and Co-op Associations.
It’s also worth noting at the outset that cyber insurance is not the same as general liability insurance. General liability takes care of bodily injuries and property damage that result from your products, services or operations. With most insurers, cyber risks are not included under this umbrella. Do not make the mistake of assuming they are. Sony made that mistake during its 2011 breach and it ended up costing $171 million.
Cybersecurity insurance primarily covers breach events where personal identifying information (PII) is lost, disclosed or stolen.
Examples of PII include:
- Social Security numbers
- Credit Card information
- Account numbers
- Driver’s License numbers
- Healthcare data
In Europe this is called Personal Data. Regardless of where you hail from though, the definition of a data breach is pretty universal. Even the smallest incident, like accidentally disclosing a single customer record to the wrong party, qualifies as a personal data breach. And while there is a requirement to report breaches to the appropriate authorities, not every incident rises to the level of reporting. Cybersecurity insurance is still relatively new, so in many ways it’s still evolving.
Generally, cyber insurance covers legal fees and expenses associated with a breach, in addition to:
- Assisting with customer notifications following an incident
- Working to restore the personal identities of affected customers
- Recovering data that was compromised during the incident
- Repairing damaged computer systems and networks
Many insurance policies will also offer affected customers credit monitoring services, which can help to rebuild your company or organization’s reputation following a security incident.
Cyber liability exposures for community associations can come from:
- A computer malfunction accidentally distributing an association’s confidential information in a mass email or on printed material, or posting sensitive data on a website.
- An email communication discussing a member’s medical condition inadvertently being sent to all owners rather than to board members only.
- A cybercriminal hacking the association’s computer system and gaining access to the association’s bank accounts.
- An association employee’s or board member’s cell phone, laptop or USB flash drive being stolen, containing sensitive member and board executive session information.
Cybercrime in the US, according to the Infosec Institute, costs $100 billion annually—that’s about two times the losses incurred from floods, hurricanes and other weather-related disasters. In addition, Small and Midsize Businesses (SMBs), such as community associations, are often the target of cybercriminals due to cybersecurity gaps and the valuable data they possess. Cyber thieves are looking to get their hands on information such as the owners’ bank account routing numbers, credit card numbers, and even social security numbers and email addresses.
To address the threat of exposure to cyber liability, a community association’s board should implement robust data-security measures to mitigate its risk, and should also secure cyber liability insurance to step in should a breach and loss occur. Also important is requiring third-party vendors, such as a management company, to implement strong cyber controls and carry cyber insurance, particularly if the vendor is managing the association’s website.