As personnel in municipal offices change, replacing the knowledge and experience of the person that served your municipality can be difficult. Understanding insurance coverage when so many other things seem to demand our attention may not be a priority. Please let the following serve to provide a basic description of the cyber liability coverage OMAG provides. Please refer to your cyber liability and data breach response supplemental declarations page to review applicable limits.
Information Security and Privacy Liability - Covers damages and claims expenses because of a claim for:
theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization
one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach
the alteration, corruption, destruction, deletion, or damage to data stored on computer systems
the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or
the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured
failure to timely disclose an incident described above in violation of any breach notice law
failure to comply with that part of a privacy policy that specifically:
prohibits or restricts the disclosure, sharing or selling of a person’s personally identifiable non-public information;
requires the insured organization to provide access to personally identifiable non-public information or to correct incomplete or inaccurate personally identifiable non-public information after a request is made by a person
mandates procedures and requirements to prevent the loss of personally identifiable non-public information
failure to administer (a) an identity theft prevention program or (b) an information disposal program required by regulations and guidelines
Privacy Breach Response Services - Provides privacy breach response services because of:
theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization; or
one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach
the alteration, corruption, destruction, deletion, or damage to data stored on computer systems
the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or
the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured.
Privacy breach response services include the following:
forensic and legal assistance from a panel of experts to help determine the extent of thebreach and the steps needed to comply with applicable laws
notification to persons who must be notified under applicable law
credit and identity monitoring services to affected individuals
public relations and crisis management expenses
Regulatory Defense and Penalties - Covers claims expenses and penalties resulting from a claim in the form of a regulatory proceeding resulting from a violation of privacy law and caused by any of the following incidents:
theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization
one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach
the alteration, corruption, destruction, deletion, or damage to data stored on computer systems
the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or
the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured
failure to timely disclose an incident described above in violation of any breach notice law
Website Media Content Liability - Covers damages and claims expenses for one or more of the following acts committed during the course of the insured organization’s display of media material on its website or on social media web pages created or maintained by or on behalf of the insured organization:
Defamation, libel, slander, infliction of emotional distress, outrage, or other tort related to disparagement or harm to the reputation or character of any person or organization
Violation of the rights of privacy of an individual
Invasion or interference with an individual’s right of publicity
Plagiarism, piracy, misappropriation of ideas
Infringement of copyright, domain name, trademark, trade name, trade dress, logo etc
Improper deep-linking or framing within electronic content
PCI Fines, Expenses and Costs - Indemnifies insured for PCI Fines, expenses and costs insured becomes legally obligated to pay because of a claim
Cyber Extortion - Indemnifies the insured for certain cyber extortion loss, subject to policy conditions, as a direct result of an extortion threat
First Party Data Protection - Indemnifies the insured for certain data protection loss incurred as a direct result of:
Alteration, corruption, destruction, deletion, or damage to a data asset
Inability to access a data asset that is directly caused by a failure of computer security to prevent a security breach
First Party Network Business Interruption - Indemnifies the insured for certain business interruption loss sustained during the period of restoration as a direct result of the actual and necessary interruption of computer systems caused directly by a failure of computer security to prevent a security breach
The descriptions contained in this communication are for informational purposes only. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued.
