CyberCPA – Cyber Coverage
Cyber attacks and data breaches continue to make the news, and small to mid-size firms are just as vulnerable as larger organizations. Unlocked computers, lost mobile devices, stale security passwords, and network hacker attacks are just some of the ways CPA firms are exposed to data breaches and cyber risk.
Consider This: NAS Insurance claims results show that costs associated with a data breach can conservatively range from $10 to $30 per record for breach response services such as client notifications, IT services, legal expenses and communication costs. This range does not include indirect costs such as reputation loss and increased client churn (lost clients). A firm with 2,000 client records, at a rate of $20 per record for breach response, may potentially incur over $40,000 worth of expenses. A single incident of this nature can significantly impact a firm’s financial bottom line and reputation.
Core coverages (first-party) include
- Privacy Breach Response Costs – Coverage for reasonable legal, public relations, advertising, IT forensic, call center, and credit monitoring fees, costs to provide identity theft education and assistance to affected individuals, and postage expenses incurred by the firm in response to a privacy breach.
- Network Asset Protection (including Non-physical Business Interruption) – Coverage for reasonable and necessary sums required to recover and/or replace data that is compromised, damaged, lost, erased or corrupted due to accidental damage or destruction of electronic media or computer hardware, administrative or operational mistakes in the handling of data, or computer crime/attacks. Coverage also includes business interruption and extra expense coverage for income loss resulting from a total or partial interruption of the firm’s computer system, which is caused by any of the above events.
- Cyber Extortion – Coverage for extortion expenses and extortion monies incurred as a direct result of a credible cyber extortion threat.
- Cyber Terrorism – Coverage for income loss and interruption expenses incurred as a direct result of a total or partial interruption of the firm’s computer system due to a cyber terrorism attack.
- Zero deductible
- $50,000 per event for each core coverage, and aggregate limits between $50,000 and $250,000 depending on firm size. Or,
- $100,000 per event for each core coverage, and aggregate limits between $100,000 and $500,000 depending on firm size
Breach Response Services
Firms will have access to comprehensive Breach Response Services coordinated by NAS Insurance Services, a market leader for cyber insurance. The NAS claims team partners with leading professional service organizations and will work with firms throughout the entire response process, offering services such as:
- Legal counsel
- IT security and forensic experts
- Public relations/advertising support
- Breach notification to clients
- Credit monitoring and identity theft education and assistance
Risk Management and Claims Handling
Firms with CyberCPA coverage will have access to a cyber risk management website with tools and resources providing education on how to safeguard information, increase awareness of cyber risk and how to respond in the event of a breach. A suspected or actual privacy breach must be reported directly to CAMICO, who will then engage NAS. A specialized privacy claims adjuster will be appointed to manage the claim. NAS will remain in close contact with the firm to ensure effective and efficient handling from start to finish, working with experienced counsel and vendors to guide the firm through the process of exposure analysis, notification, protection and data recovery.
This information is provided as a general overview and is not intended to be a complete description of all applicable terms and conditions of coverage. Actual coverages and risk management services and resources may change without notice and are subject to policy provisions as issued. Coverage offered through NAS Insurance Services. 2015 All Rights Reserved.