Cyber Liability Insurance Coverage: Here’s Why You May Need it

Cyber liability insurance coverage is of increasing relevance to benefit plans. 

If you're not covered, you should be. 

Get Your Free Consultation

How might differences in state and federal laws impact a local plan office?

Benefits plans that cover employees and participants who live in a neighboring state from the fund office location would have to comply with both states’ laws if a cyber breach occurred. A plan with a larger participant footprint might have to consider three or four states’ laws.

Add in retirees who have relocated outside the country  and the complexities multiply further under the new General Data Protection Regulation (GDPR) laws.

What do cyber thieves pursue?

Personally identifiable information (PII) and personal health information (PHI) are the most sought after prizes.

This information can be used to access participants’ assets or sold to scammers. They may also plant viruses that lock up plan office systems until a ransom is paid and in most cases leave systems in disarray. 

If this personal information is not properly protected and is then breached or improperly disclosed, mandatory reporting requirements are specified and costly to adhere to.

How does cyber liability insurance help?

Cyber liability insurance provides limits of liability that can:

  • help pay the cost of notification,
  • provide coverage for other associated costs (such as reporting to all affected participants), and
  • provide liability insurance protection should the plan or its fiduciaries and employees be sued.

Cyber liability policies also give covered entities access to expert teams that step in the minute a breach is reported to help direct all of the necessary actions.

The policy can also cover the cost of a call center to assist with participants’ questions, credit monitoring services, public relation responsesand additional forensics.

Wouldn’t strong firewall software be enough to stop hackers and cyber thieves?

Firewalls and complex logins help, but a large percentage of breaches occur because of errors made by people rather than computers.

Lost or stolen laptops and data storage devices as well as improperly disposed paper records and portal hardware can offer cyber thieves a wealth of information containing both PII and PHI.

In addition to the more common errors from negligence, a plan office may also fall victim to a disgruntled, dishonest or “rogue” employee.

But what if the plan already has insurance coverage in place?

Fiduciary liability and other commercial policies aren’t designed to protect against cyber liability claims. And, because those policies do not focus on cybercrimes, they do not offer the additional services and enough first party costs found in most cyber liability policies.

What first steps should we consider?

Information security is crucial. Policies and procedures should be reviewed and strengthened. Data encryption, if not already in place, should be implemented.

Insurance coverage should also be reviewed annually in terms of both coverage levels and policy features. Segal Select offers a complimentary policy review to help you evaluate how prepared you are.

What is the one takeaway when considering cyber liability insurance?

The question is no longer whether my benefits plan will have a breach but rather quickly becoming when will we face a breach. Cyber liability insurance, along with sound security procedures and up-to-date training for all staff, is only one way to minimize the impact.

Want to learn more? Get Your Free Consultation

Get a complimentary assessment of your plan’s insurance coverage.

We'll use our comprehensive benchmarking database to tell you how your limit of liability and premium costs compare to the market. 

Get Your Free Consultation

Share this page