Cyber liability insurance coverage is of increasing relevance to benefit plans.
If you're not covered, you should be.
Benefits plans that cover employees and participants who live in a neighboring state from the fund office location would have to comply with both states’ laws if a cyber breach occurred. A plan with a larger participant footprint might have to consider three or four states’ laws.
Add in retirees who have relocated outside the country and the complexities multiply further under the new General Data Protection Regulation (GDPR) laws.
Personally identifiable information (PII) and personal health information (PHI) are the most sought after prizes.
This information can be used to access participants’ assets or sold to scammers. They may also plant viruses that lock up plan office systems until a ransom is paid and in most cases leave systems in disarray.
If this personal information is not properly protected and is then breached or improperly disclosed, mandatory reporting requirements are specified and costly to adhere to.
Cyber liability insurance provides limits of liability that can:
Cyber liability policies also give covered entities access to expert teams that step in the minute a breach is reported to help direct all of the necessary actions.
The policy can also cover the cost of a call center to assist with participants’ questions, credit monitoring services, public relation responsesand additional forensics.
Firewalls and complex logins help, but a large percentage of breaches occur because of errors made by people rather than computers.
Lost or stolen laptops and data storage devices as well as improperly disposed paper records and portal hardware can offer cyber thieves a wealth of information containing both PII and PHI.
In addition to the more common errors from negligence, a plan office may also fall victim to a disgruntled, dishonest or “rogue” employee.
Fiduciary liability and other commercial policies aren’t designed to protect against cyber liability claims. And, because those policies do not focus on cybercrimes, they do not offer the additional services and enough first party costs found in most cyber liability policies.
Information security is crucial. Policies and procedures should be reviewed and strengthened. Data encryption, if not already in place, should be implemented.
Insurance coverage should also be reviewed annually in terms of both coverage levels and policy features. Segal Select offers a complimentary policy review to help you evaluate how prepared you are.
The question is no longer whether my benefits plan will have a breach but rather quickly becoming when will we face a breach. Cyber liability insurance, along with sound security procedures and up-to-date training for all staff, is only one way to minimize the impact.
Get a complimentary assessment of your plan’s insurance coverage.
We'll use our comprehensive benchmarking database to tell you how your limit of liability and premium costs compare to the market.
Share this page