CyberCPA – Cyber Coverage
Cyber-attacks and data breaches continue to make the news, and small to mid-size firms are just as vulnerable as larger organizations. Unlocked computers, lost mobile devices, stale security passwords, and network hacker attacks are just some of the ways CPA firms are exposed to data breaches and cyber risk.
Consider This: A leading cyber insurer projects that costs associated with a data breach can conservatively range from $10 to $30 per record for direct costs such as client notifications, IT services, legal expenses and communication costs. This range does not include indirect costs such as reputation loss and increased client churn (lost clients). A firm with 2,000 client records, at a rate of $20 per record for breach response, may potentially incur over $40,000 worth of expenses. A single incident of this nature can significantly impact a firm’s financial bottom line and reputation.
Core coverages (first-party) include
- Privacy Breach Response Costs – Coverage for reasonable legal, public relations, advertising, IT forensic, call center, and credit monitoring fees, costs to provide identity theft education and assistance to affected individuals, and postage expenses incurred by the firm in response to a privacy breach.
- Network Asset Protection (including Non-physical Business Interruption) – Coverage for reasonable and necessary sums required to recover and/or replace data that is compromised, damaged, lost, erased or corrupted due to accidental damage or destruction of electronic media or computer hardware, administrative or operational mistakes in the handling of data, or computer crime/attacks. Coverage also includes business interruption and extra expense coverage for income loss resulting from a total or partial interruption of the firm’s computer system, which is caused by any of the above events.
- Cyber Extortion – Coverage for extortion expenses and extortion monies incurred as a direct result of a credible cyber extortion threat.
- Cyber Terrorism – Coverage for income loss and interruption expenses incurred as a direct result of a total or partial interruption of the firm’s computer system due to a cyber terrorism attack.
- Zero deductible
- $50,000 per event for each core coverage, and aggregate limits between $50,000 and $250,000 depending on firm size. Or,
- $100,000 per event for each core coverage, and aggregate limits between $100,000 and $500,000 depending on firm size
Breach Response Services
Firms will have access to comprehensive Breach Response Services. Cyber claims experts will work with firms throughout the entire response process, offering services such as:
- IT security and forensic experts
- Public relations/advertising support
- Breach notification to clients
- Credit monitoring and identity theft education and assistance
- Legal counsel
Risk Management and Claims Handling
Firms with CyberCPA coverage will have access to a cyber risk management website with tools and resources providing education on how to safeguard information, how to increase awareness of cyber risk and how to respond in the event of a breach. A suspected or actual privacy breach must be reported directly to CAMICO, who will then engage our breach response service partner. A specialized privacy claims adjuster will be appointed to manage the claim.
This information is provided as a general overview and is not intended to be a complete description of all applicable terms and conditions of coverage. Actual coverages and risk management services and resources may change without notice and are subject to policy provisions as issued. Coverage and risk management services may vary and are provided by CAMICO and/or through its partners and subsidiaries. CAMICO is a registered trademark of CAMICO Mutual Insurance Company. ©CAMICO Mutual Insurance Company. All Rights Reserved.