Privacy Breach Coverage Commercial Lines
2 Agenda • Evolving Need for Insurance • Enhanced Privacy Breach Endorsements • New Privacy Breach Liability Coverage • Ease of Underwriting • Value Added Services • What’s Next? • Questions
3 Evolving Need for Insurance
4 Privacy Breach Evolving Need for Insurance • Any business that collects personal information has a legal liability to protect it • Breach of Security Safeguards Regulations (BSSR) - Nov 2018 • European Union General Data Protection Regulation (GDPR) - May 2018 2017 Stats from Breachlevelindex.com by Gemalto
5 Privacy Breach Breaches Occur Due to Small Lost Decreased Damage to 40% 49% 37% 43% businesses customers revenue the brand
6 Privacy Breach Commercial Lines Privacy Breach Solution Enhanced New Existing first party Third party liability endorsements • coverage Remediation • expenses Liability • • Business Legal fees or interruption defence expense • Legal expenses
7 Enhanced Privacy Breach Endorsements Form E127 (Version 3) Form E128 (Version 2)
8 Privacy Breach Name Change Existing Effective August 2018 Cyber Expense Endorsement – Privacy Breach Expense Endorsement – Form E127 Form E127 Cyber Legal Expense Privacy Breach Legal Expense Endorsement – Form E128 Endorsement – Form E128
9 Privacy Breach Defining Privacy Breach • Failure to prevent unauthorized use of or unauthorized access to data that are What is a non-public and personal information as privacy breach? established by Canadian law and that are possessed, managed, entrusted to or held by the Named Insured • Theft of non-computer data
10 Privacy Breach Knowledge Check • Social insurance number What are some • Bank account, credit card, debit card examples of information personal • Drivers license number information? • PIN numbers • Medical diagnosis, patient history and medications
11 Privacy Breach Coverage Overview Privacy Breach Expense Endorsement Privacy Breach Legal Form E127 Expense Privacy Breach Expense Business Interruption Endorsement Coverage Coverage Form E128 Insuring Agreement A Insuring Agreement B Remediation Expenses • Notification • Loss of Income • Applies to legal fees or • Computer Forensic • Extra Expense defence expense that are Coverage Services (includes computer made necessary by a civil • Public Relations forensic service proceeding in regard to a • Credit Monitoring expenses) covered privacy breach • Fraud Monitoring Value Added Access to CyberScout services without being subject to conditions, exclusions, Services or coverage
12 Privacy Breach Coverage Enhancements Privacy Breach Expense Endorsement Waiting period reduced from 48 hours to 24 hours • Coverage applies 24 hrs after a privacy breach is discovered Business ✓ Faster relief for the customer Interruption Indemnity period increased from 30 days to 60 days • Duration of the coverage can increase up to 60 days ✓ Longer relief for the customer
13 Privacy Breach Business Interruption Claim Retail Company Claim : Computer systems were The breach is proven: • hacked and they could not access Loss of income covered from the 24 th computers or operate POS hour versus 48 th hour machines. ✓ Customer gains a full of day of business income Business was shut down for three • Policy will cover up the applicable limit days to prevent any damage to up to 60 days versus 30 days customer records while forensic ✓ Business interruption expenses are work was done. It took 50 days to covered for an additional 20 days return to prior level of income.
14 Privacy Breach Coverage Enhancements Privacy Breach Expense Endorsement If a privacy breach arises from business activities outside Canada Worldwide • Coverage extended from the US and EU to worldwide coverage up to • Coverage period extended from 30 to 60 days 60 days ✓ More employees travel worldwide and for longer period ✓ Wider scope and longer indemnity for the customer
15 Privacy Breach Coverage Enhancements Privacy Breach Expense Endorsement Privacy breach coverage is extended to smart phones as part of bring your own device to work (BYOD) extension ✓ Peace of mind to customer as privacy breach attacks to Smart phones smart phones are on the rise
16 Privacy Breach Knowledge Check • A demand made by an outside entity to the customer for money or something in value What is cyber in exchange for not carrying out a threat to commit privacy breach extortion? • A threat to disseminate, without authorization, data that are non-public and personal information or to deny, to impede, to make unavailable or to otherwise disrupt access to such data
17 Privacy Breach Knowledge Check • Investigation and analysis of, and What are computer documentation for, computer or computing equipment by a certified individual or forensic services? organization from outside the customer entity • If approved by Intact Insurance, these services can also be provided by an IT employee of the customer
18 Privacy Breach Coverage Enhancements Privacy Breach Expense Endorsement • Computer forensic services irrespective of an actual privacy breach, approved in writing by Intact beforehand • Other remediation expenses due to privacy breach caused directly by cyber extortion • Business interruption loss due to privacy breach caused directly by cyber extortion Cyber Extortion ✓ Mitigates or prevents the cyber extortion ✓ Relieves customer of additional expenses while dealing with extortion Payments towards ransom, extortion or blackmail payments are excluded
19 Privacy Breach Coverage Enhancements Privacy Breach Expense Endorsement Exclusion for cloud storage is removed ✓ Benefits customers who are increasingly using cloud services for data storage Cloud Storage “Cloud Storage Market is projected to witness a compound annual growth rate of 29.73% to reach a total market size of US$92.488 billion by 2022, from US$25.171 billion in 2017.” Research and Markets Report
20 Privacy Breach Coverage Enhancements Privacy Breach Expense Endorsement Required notification of a privacy breach to a governmental entity with authority to regulate the privacy of non-public and Remediation personal information of Canadians Expenses ✓ Support customers to comply with mandatory reporting of includes Breach of Security Safeguards Regulations (BSSR) of PIPEDA and European Union General Data Protection Regulation (GDPR) Fines, penalties or assessments of any nature including those related to Payment Card Industry (PCI) Standards are excluded
21 Privacy Breach Existing Key Exclusions - Reminder Expenses arising from any fact or circumstance known Prior Knowledge prior to the effective date of coverage Information Technology Privacy breach from failure to diligently deploy updated Security functional security software Loss, damage, expense or costs arising out of liability Third Party Liability to a third party • Computer, device hardware or software costs Computer Forensic • Payments for service or maintenance Services • Remuneration expense unless approved
22 Privacy Breach Cyber Extortion Claim Small Hotel ✓ Expenses for computer forensic services if agreed in writing by Intact for cyber extortion Claim : Customer experienced a ransonware attack and a ransom If breach is proven, covers: of $4,000 of bitcoin was ✓ Cloud data requested. Credit card information ✓ Remediation expenses such as of 5,000 guests may be at risk, notification to authorities and clients include European guests. ✓ Business interruption expenses
23 Privacy Breach Endorsement Amounts of Insurance Privacy Breach Expense Endorsement Privacy Breach Legal Expense Form E127 Endorsement Privacy Breach Expense Business Interruption Form E128 Coverage Coverage $25,000 $25,000 $25,000 $50,000 $50,000 $50,000 $75,000 $75,000 $100,000 $100,000 Higher amounts introduced $150,000 $150,000 $200,000 $200,000 $250,000 $250,000
24 Privacy Breach Pricing – Introductory Limits $25,000 Introductory Premium Deductible • $1,000 - Privacy Breach Expenses • 24-hour waiting period for Business Interruption $120 • No waiting period for Extra Expenses • Provided that the actual loss sustained under Business Interruption exceeds the 24-hour waiting period
25 Privacy Breach Pricing – Higher Limits For limits > $25,000 , premium is rated based on major class’ relative degree of privacy breach exposure Low Medium High Common Examples • Farms • Building Owners • Financial Institutions • Contracting • Apartments & Condos • Healthcare • Forestry • Wholesaling • Services
26 New Privacy Breach Liability Coverage Form E161 (Version 1)
27 Privacy Breach Privacy Breach Liability – Form E161 Effective • Protects the Intact customer from claims or August 2018 actions due to a breach of personal information New coverage for • Recommended as a coverage to complement third party liability the first party endorsements
Recommend
More recommend