Understanding Your OMAG Cyber Liability Coverage

As personnel in municipal offices change, replacing the knowledge and experience of the person that served your municipality can be difficult.  Understanding insurance coverage when so many other things seem to demand our attention may not be a priority. Please let the following serve to provide a basic description of the cyber liability coverage OMAG provides.  Please refer to your cyber liability and data breach response supplemental declarations page to review applicable limits. 

Information Security and Privacy Liability - Covers damages and claims expenses because of a claim for:

CyberSecurity.jpg

•    theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization
•    one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach

  • the alteration, corruption, destruction, deletion, or damage to data stored on computer systems
  • the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or
  • the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured

•    failure to timely disclose an incident described above in violation of any breach notice law
•    failure to comply with that part of a privacy policy that specifically:

  • prohibits or restricts the disclosure, sharing or selling of a person’s personally identifiable non-public information;
  • requires the insured organization to provide access to personally identifiable non-public information or to correct incomplete or inaccurate personally identifiable non-public information after a request is made by a person
  • mandates procedures and requirements to prevent the loss of personally identifiable non-public information

•    failure to administer (a) an identity theft prevention program or (b) an information disposal program required by regulations and guidelines

Privacy Breach Response Services - Provides privacy breach response services because of:

•    theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization; or
•    one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach

  • the alteration, corruption, destruction, deletion, or damage to data stored on computer systems
  • the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or
  • the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured.

Privacy breach response services include the following:
•    forensic and legal assistance from a panel of experts to help determine the extent of the breach and the steps needed to comply with applicable laws
•    notification to persons who must be notified under applicable law
•    credit and identity monitoring services to affected individuals
•    public relations and crisis management expenses

Regulatory Defense and Penalties - Covers claims expenses and penalties resulting from a claim in the form of a regulatory proceeding resulting from a violation of privacy law and caused by any of the following incidents:

•    theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization
•    one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach

  • the alteration, corruption, destruction, deletion, or damage to data stored on computer systems
  • the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or
  • the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured

•    failure to timely disclose an incident described above in violation of any breach notice law

Website Media Content Liability - Covers damages and claims expenses for one or more of the following acts committed during the course of the insured organization’s display of media material on its website or on social media web pages created or maintained by or on behalf of the insured organization:

•    Defamation, libel, slander, infliction of emotional distress, outrage, or other tort related to disparagement or harm to the reputation or character of any person or organization
•    Violation of the rights of privacy of an individual
•    Invasion or interference with an individual’s right of publicity
•    Plagiarism, piracy, misappropriation of ideas
•    Infringement of copyright, domain name, trademark, trade name, trade dress, logo etc
•    Improper deep-linking or framing within electronic content

top-ten-cyber-security-companies.jpg

PCI Fines, Expenses and Costs - Indemnifies insured for PCI Fines, expenses and costs insured becomes legally obligated to pay because of a claim

Cyber Extortion - Indemnifies the insured for certain cyber extortion loss, subject to policy conditions, as a direct result of an extortion threat 

First Party Data Protection - Indemnifies the insured for certain data protection loss incurred as a direct result of: 

•    Alteration, corruption, destruction, deletion, or damage to a data asset
•    Inability to access a data asset
that is directly caused by a failure of computer security to prevent a security breach

First Party Network Business Interruption - Indemnifies the insured for certain business interruption loss sustained during the period of restoration as a direct result of the actual and necessary interruption of computer systems caused directly by a failure of computer security to prevent a security breach

The descriptions contained in this communication are for informational purposes only. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. 

Print Friendly and PDF