Cyber Liability Program

What’s Covered

Cyber Liability Insurance provides coverage for financial loss related to:

• Network intrusions/hacks/malware viruses
• Lost/missing/stolen electronic assets
• Phishing/spear phishing attacks
• Mishaps due to broken business practices
• Rogue employees
• Unauthorized access through improper disposal of data

ICRMA’s Cyber Liability program, for the 2022-2023 program year, includes a $5,000,000 per occurrence/annual program aggregate, a $1,000,000 annual per member aggregate, and a $250,000 per occurrence member deductible for those in Group 1, and a $500k per occurrence member deductible for those in Group 2. Additionally, Group 1 has Ransomware coverage for a $1M limit at a $500k retention, with a $5M pool limit. Group 2 has $0 in Ransomware coverage limits, however members without Ransomware coverage will still have Incident Response coverage, above the retention.

The program includes:

• ACE Privacy and Network Liability Coverage Grants, including Privacy Liability, Network Security Liability, Internet Media Liability, Network Extortion, Digital Asset Coverage, Business Interruption, and Data Breach Fund.
• ACE Data Breach Coach, an independent law firm specializing in data breach events, to assist the city in determining if it has had a network security breach incident, and/or if Personal Identifiable Information (PII) has been lost or stolen. The ACE Data Coach will then work with the city to determine the appropriate response to the event, drawing from the resources provided by the ACE Data Breach Team. Expenditure of the deductible is not required to obtain advice free of charge.
• ACE Data Breach Team, a panel of 17 industry-leading third party vendors specializing in digital forensics, medical ID fraud monitoring, customer notification, public relations, fraud consultation, credit monitoring and payment card industry investigations.

What to Do in the Event of a Breach

Immediately report breaches, suspected breaches, or claim notices directly to the carrier:

Chubb Director of Claims
P. O. Box 5105
Scranton, PA 18505-0518
cyberalert@chubb.com OR
1stnoticeofloss@chubb.com

Call the Cyber Incident Response Coach Hotline: 1 (800) 817-2665

Reporting Claims

Timely reporting plays a critical role in any claim. Furthermore, late-reported claims may be excluded from coverage. It is critical that you report the claim as soon as you believe a breach event has occurred, or even if you have suspicion of a breach event. Do not wait for confirmation of a breach before reporting a claim.

Claim Correspondence

In the event of a loss or breach, provide the claims department with the following:

1. Description of the breach or suspicion of the breach (including a description of how, when, and where the breach occurred)
2. Notify the adjuster if a law may have been broken
3. Cooperate with the carrier in the investigation

All supplemental claim information and general claim correspondence must be sent to:

Chubb Director of Claims P.O. Box 5105 Scranton, PA 18505-0518 (800) 817-2665 cyberalert@chubb.com OR 1stnoticeofloss@chubb.com

With a copy to: AJGRMS Claims Department claims-sf@ajg.com Phone: (415) 546-9300 Fax: (415) 536-4036

Cyber Liability Resources

Enquiron

ICRMA members have access to Cyber Security Awareness resources with Enquiron. These resources offer an array tools designed to help create a culture of security from an HR perspective. The tools include on-demand employee training, workbooks and communication briefs, and customizable incident response plans.  Please contact your member agency’s HR department for additional information.

Cyber Liability carrier

ICRMA’s Cyber Liability carrier, Chubb, has a host of services and resources available on its website, including sample policies (Risk Manager Tools), articles on various Cyber risks (Learning Center) portion, News and Blogs.  You can also connect with various 3^rd party resources at discounted rates already negotiated by Chubb. We encourage members to explore the tools and resources, including the following:

• Antivirus and Malware Policy
• Computer Network Security Policy Template
• Incident Response Plan Policy
• Information Security Policy
• Mobile Computing Policy
• Personal Device Use (BYOD) Policy
• Physical Security Policy
• Posting and Removal of Online Content
• Sample Information Security Policy Template
• Security Awareness Training and Education Policy
• Security Policy 101 – Essential Policies for Business
• Sensitive Information Handling
• Social Networking Acceptable Use
• Web Site Privacy Policy

While some items do not require a password, most require confirmation of ICRMA membership. To register, please click here and complete the New User Registration using Access Code 08002.  Once you submit your credentials you will be able to login.

Chubb additionally provides two FREE services:

• Password Defense

• • Available to Chubb’s cyber policyholders
  • Helps improve cyber security by making it easier for employees to create stronger passwords
  • Generates strong passwords for websites, stores them in a secure vault, and synchronizes them across multiple devices
  • Includes auto login to websites, password benchmarking, and notifications
  • To sign up, visit https://go.dashlane.com/chubboffer

• Online Cyber Security Education

• • Available to Chubb’s cyber policyholders’ employees
  • Online training can be quickly and easily deployed to educate employees
  • Includes two courses: Security Awareness Basics and Security Awareness for Information Technology
  • Enables managers to view employee results and course completion statistics
  • To access, visit http://www.learncyber.com/chubboffer/

The above sites will ask for members to provide their contact information and the Policy Number.

Compliance Assessments

RSM (rsmus.com) is the preferred vendor for Chubb, ICRMA’s Cyber carrier, for various compliance assessments.  RSM offers discounted rates for Chubb clients. Pricing for RSM’s suite of Security and Privacy Due Diligence Services can be viewed here.