All 50 states have enacted laws to protect individual personal information, and these laws have been updated and strengthened in recent years as threats have increased and breach incidents have become more common. An almost impossible challenge for multiemployer funds is keeping current on the requirements of all of these laws.
How might differences in state and federal laws impact a local fund office?
Funds that cover workers and participants who live in a state neighboring the fund office's location would have to comply with both states’ laws if a cyber breach occurred. A fund with a larger footprint might have to consider three or four states’ laws. Add in retirees who have relocated some distance and the complexities multiply further.
What do cyber thieves pursue?
Personally identifiable information (PII) and personal health information (PHI) are the most sought-after prizes. This information can be used to access participants’ assets or sold to scammers. Cyber thieves may also plant viruses that lock up fund office systems until a ransom is paid and, in most cases, leave systems in disarray.
If this personal information is not properly protected and is then breached or improperly disclosed, mandatory reporting requirements apply, and adhering to them is costly.
How does cyber liability insurance help?
Cyber liability insurance provides limits of liability that can:
Cyber liability policies also give covered entities access to expert teams that step in the minute a breach is reported to help direct all of the necessary actions. The policy can also cover the cost of a call center to assist with participants’ questions, credit monitoring services and additional forensics.
Wouldn’t strong firewall software be enough to stop hackers and cyber thieves?
Firewalls and complex logins help, but a large percentage of breaches occur because of errors made by people rather than computers. Lost or stolen laptops and data storage devices as well as improperly disposed paper records can offer cyber thieves a wealth of information containing both PII and PHI.
In addition to the more common errors from negligence, a fund may also fall victim to a disgruntled, dishonest or “rogue” employee.
But what if the fund already has insurance coverage in place?
Fiduciary liability and other policies aren’t designed to protect against cyber liability claims. And, because those policies do not focus on cybercrimes, they do not offer the additional services and first-party costs found in most cyber liability policies.
What first steps should we consider?
Information security is crucial. Policies and procedures should be reviewed and strengthened. Data encryption, if not already in place, should be implemented. Insurance coverage should also be reviewed annually in terms of both coverage levels and policy features.
Segal Select offers a free policy review to help you evaluate how prepared you are.
What is the one takeaway when considering cyber liability insurance?
The question is quickly changing from whether my fund will have a breach to when we will face one. Cyber liability insurance, along with sound security procedures and up-to-date training for all staff, is only one way to minimize the impact.
Want to learn more?
Watch our Introduction to Cyber Liability Insurance video below to learn the basics of this important coverage.