CyberCPA – Cyber Coverage
Cyber-attacks and data breaches continue to make the news, and small to mid-size firms are just as vulnerable as larger organizations. Unlocked computers, lost mobile devices, stale security passwords, and network hacker attacks are just some of the ways CPA firms are exposed to data breaches and cyber risk.
Consider This: The average cost of a data breach to an organization was $141 per compromised record in 2017, according to the 2017 Cost of a Data Breach Study by Ponemon Institute. This includes direct costs (such as forensic experts, legal expenses, and communications) as well as indirect costs (such as client loss from turnover or diminished acquisition). A firm with 1,000 client records, at a rate of $141 per record for breach response, may potentially experience over $141,000 in direct and indirect costs without full-service, expert remediation services to help prevent or reduce these costs. A single incident of this nature can significantly impact a firm’s financial bottom line.
Core coverages (first-party) include
- Privacy Breach Response Costs – Coverage for reasonable legal, public relations, advertising, IT forensic, call center, and credit monitoring fees; costs to provide identity theft education and assistance to affected individuals; and postage expenses incurred by your firm in response to a privacy breach.
- Network Asset Protection (including Non-physical Business Interruption) – Coverage for reasonable and necessary sums required to recover and/or replace data that is compromised, damaged, lost, erased or corrupted due to accidental damage or destruction of electronic media or computer hardware, administrative or operational mistakes in the handling of data, or computer crime/attacks. Coverage also includes business interruption and extra expense coverage for income loss resulting from a total or partial interruption of your firm’s computer system, which is caused by any of the above events.
- Cyber Extortion – Coverage for extortion expenses and extortion monies incurred as a direct result of a credible cyber extortion threat.
- Cyber Terrorism – Coverage for income loss and interruption expenses incurred as a direct result of a total or partial interruption of your firm’s computer system due to a cyber terrorism attack.
- $50,000 per event for each core coverage, and aggregate limits between $50,000 and $250,000 depending on firm size. A deductible of $2,500 per insured event applies. Or,
- $100,000 per event for each core coverage, and aggregate limits between $100,000 and $500,000 depending on firm size. A deductible of $5,000 per insured event applies.
Breach Response ServicesYou will have access to comprehensive Breach Response Services coordinated by claims professionals who will work with your firms throughout the entire response process, offering services such as:
- IT security and forensic experts
- Media relations assistance
- Breach notification to clients
- Credit monitoring and identity theft education and assistance
- Remediation services
Risk Management and Claims HandlingFirms with CyberCPA coverage will have access to a cyber risk management website with tools and resources providing education on how to safeguard information, how to increase awareness of cyber risk, and how to respond in the event of a breach. A suspected or actual privacy breach must be reported directly to CAMICO, who will then engage a breach services specialist to manage the claim.
This information is provided as a general overview and is not intended to be a complete description of all applicable terms and conditions of coverage. Actual coverages and risk management services and resources may change without notice and are subject to policy provisions as issued. Coverage and risk management services may vary and are provided by CAMICO and/or through its partners and subsidiaries. CAMICO is a registered trademark of CAMICO Mutual Insurance Company. ©CAMICO Mutual Insurance Company. All Rights Reserved.