`

Cybersecurity

Understanding Your OMAG Cyber Liability Coverage

As personnel in municipal offices change, replacing the knowledge and experience of the person that served your municipality can be difficult.  Understanding insurance coverage when so many other things seem to demand our attention may not be a priority. Please let the following serve to provide a basic description of the cyber liability coverage OMAG provides.  Please refer to your cyber liability and data breach response supplemental declarations page to review applicable limits. 

Information Security and Privacy Liability - Covers damages and claims expenses because of a claim for:

CyberSecurity.jpg
  • theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization

  • one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach

    • the alteration, corruption, destruction, deletion, or damage to data stored on computer systems

    • the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or

    • the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured

  • failure to timely disclose an incident described above in violation of any breach notice law
    failure to comply with that part of a privacy policy that specifically:

  • prohibits or restricts the disclosure, sharing or selling of a person’s personally identifiable non-public information;

    • requires the insured organization to provide access to personally identifiable non-public information or to correct incomplete or inaccurate personally identifiable non-public information after a request is made by a person

    • mandates procedures and requirements to prevent the loss of personally identifiable non-public information

    • failure to administer (a) an identity theft prevention program or (b) an information disposal program required by regulations and guidelines

Privacy Breach Response Services - Provides privacy breach response services because of:

  • theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization; or

  • one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach

    • the alteration, corruption, destruction, deletion, or damage to data stored on computer systems

    • the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or

    • the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured.

  • Privacy breach response services include the following:
    forensic and legal assistance from a panel of experts to help determine the extent of the

  • breach and the steps needed to comply with applicable laws

  • notification to persons who must be notified under applicable law
    credit and identity monitoring services to affected individuals
    public relations and crisis management expenses

Regulatory Defense and Penalties - Covers claims expenses and penalties resulting from a claim in the form of a regulatory proceeding resulting from a violation of privacy law and caused by any of the following incidents:

  • theft, loss, or unauthorized disclosure of personally identifiable non-public information or third-party information that is in the care, custody, or control of the insured organization

  • one or more of the following acts or incidents that directly result from a failure of computer security to prevent a security breach

    • the alteration, corruption, destruction, deletion, or damage to data stored on computer systems

    • the failure to prevent transmission of malicious code from computer systems to computer or network systems that are not owned, operated or controlled by an insured; or

    • the participation by the insured organization’s computer systems in a denial of service attack directed against a computer or network systems that are not owned, operated or controlled by an insured

    • failure to timely disclose an incident described above in violation of any breach notice law

Website Media Content Liability - Covers damages and claims expenses for one or more of the following acts committed during the course of the insured organization’s display of media material on its website or on social media web pages created or maintained by or on behalf of the insured organization:

  • Defamation, libel, slander, infliction of emotional distress, outrage, or other tort related to disparagement or harm to the reputation or character of any person or organization

  • Violation of the rights of privacy of an individual

  • Invasion or interference with an individual’s right of publicity

  • Plagiarism, piracy, misappropriation of ideas

  • Infringement of copyright, domain name, trademark, trade name, trade dress, logo etc

  • Improper deep-linking or framing within electronic content

top-ten-cyber-security-companies.jpg

PCI Fines, Expenses and Costs - Indemnifies insured for PCI Fines, expenses and costs insured becomes legally obligated to pay because of a claim

Cyber Extortion - Indemnifies the insured for certain cyber extortion loss, subject to policy conditions, as a direct result of an extortion threat 

First Party Data Protection - Indemnifies the insured for certain data protection loss incurred as a direct result of: 

  • Alteration, corruption, destruction, deletion, or damage to a data asset

  • Inability to access a data asset that is directly caused by a failure of computer security to prevent a security breach

First Party Network Business Interruption - Indemnifies the insured for certain business interruption loss sustained during the period of restoration as a direct result of the actual and necessary interruption of computer systems caused directly by a failure of computer security to prevent a security breach

The descriptions contained in this communication are for informational purposes only. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. 

Print Friendly and PDF

Petya Ransomware Helpful Tips

Petya Ransomware Helpful Tips

By now, you've probably seen the news that a new ransomware virus called Petya, similar to last month's WannaCry, has quickly overwhelmed several large organizations across multiple countries. Like last time (and all of the time's before that), OMAG Technology Services is actively monitoring the news and ready to assist any OMAG members or participants affected by this and other cyber attacks. It appears as though the primary way that Petya spreads is through infected email attachments or links, though there appear to be other, scarier methods that don't require user intervention, especially once an infection has taken hold on a computer network.

Print Friendly and PDF