Privacy Breach Coverage Commercial Lines 2 Agenda Evolving Need - - PowerPoint PPT Presentation

privacy breach coverage
SMART_READER_LITE
LIVE PREVIEW

Privacy Breach Coverage Commercial Lines 2 Agenda Evolving Need - - PowerPoint PPT Presentation

Jan 21, 2023 138 likes •674 views

Privacy Breach Coverage Commercial Lines 2 Agenda Evolving Need for Insurance Enhanced Privacy Breach Endorsements New Privacy Breach Liability Coverage Ease of Underwriting Value Added Services Whats Next?

slide-1
SLIDE 1

Privacy Breach Coverage

Commercial Lines

slide-2
SLIDE 2
  • Evolving Need for Insurance
  • Enhanced Privacy Breach Endorsements
  • New Privacy Breach Liability Coverage
  • Ease of Underwriting
  • Value Added Services
  • What’s Next?
  • Questions

2

Agenda

slide-3
SLIDE 3

Evolving Need for Insurance

3

slide-4
SLIDE 4

Privacy Breach

4

  • Any business that collects personal information has a legal liability

to protect it

  • Breach of Security Safeguards Regulations (BSSR) - Nov 2018
  • European Union General Data Protection Regulation (GDPR) - May 2018

2017 Stats from Breachlevelindex.com by Gemalto

Evolving Need for Insurance

slide-5
SLIDE 5

Privacy Breach

5

Breaches Occur Due to

Decreased revenue

37%

Small businesses

40%

Lost customers

49%

Damage to the brand

43%

slide-6
SLIDE 6

Privacy Breach

6

Commercial Lines Privacy Breach Solution

Third party liability coverage

  • Liability
  • Legal fees or

defence expense

Enhanced New Existing first party endorsements

  • Remediation

expenses

  • Business

interruption

  • Legal expenses
slide-7
SLIDE 7

Enhanced Privacy Breach Endorsements

Form E127 (Version 3) Form E128 (Version 2)

7

slide-8
SLIDE 8

Privacy Breach

8

Effective August 2018

Cyber Expense Endorsement – Form E127

Existing

Cyber Legal Expense Endorsement – Form E128 Privacy Breach Expense Endorsement – Form E127 Privacy Breach Legal Expense Endorsement – Form E128

Name Change

slide-9
SLIDE 9

Privacy Breach

9

Defining Privacy Breach

  • Failure to prevent unauthorized use of or

unauthorized access to data that are non-public and personal information as established by Canadian law and that are possessed, managed, entrusted to or held by the Named Insured

  • Theft of non-computer data

What is a privacy breach?

slide-10
SLIDE 10

Privacy Breach

10

Knowledge Check

What are some examples of personal information?

  • Social insurance number
  • Bank account, credit card, debit card

information

  • Drivers license number
  • PIN numbers
  • Medical diagnosis, patient history and

medications

slide-11
SLIDE 11

Privacy Breach

11

Coverage Overview

Privacy Breach Expense Endorsement Form E127 Privacy Breach Legal Expense Endorsement Form E128 Privacy Breach Expense Coverage

Insuring Agreement A

Business Interruption Coverage

Insuring Agreement B

Coverage Remediation Expenses

  • Notification
  • Computer Forensic

Services

  • Public Relations
  • Credit Monitoring
  • Fraud Monitoring
  • Loss of Income
  • Extra Expense

(includes computer forensic service expenses)

  • Applies to legal fees or

defence expense that are made necessary by a civil proceeding in regard to a covered privacy breach Value Added Services Access to CyberScout services without being subject to conditions, exclusions,

  • r coverage
slide-12
SLIDE 12

Privacy Breach

12

Coverage Enhancements

Business Interruption

Waiting period reduced from 48 hours to 24 hours

  • Coverage applies 24 hrs after a privacy breach is discovered

✓ Faster relief for the customer

Indemnity period increased from 30 days to 60 days

  • Duration of the coverage can increase up to 60 days

✓ Longer relief for the customer

Privacy Breach Expense Endorsement

slide-13
SLIDE 13

Privacy Breach

13

Business Interruption Claim

The breach is proven:

  • Loss of income covered from the 24th

hour versus 48th hour

✓ Customer gains a full of day of business

income

  • Policy will cover up the applicable limit

up to 60 days versus 30 days

✓ Business interruption expenses are

covered for an additional 20 days

Claim: Computer systems were hacked and they could not access computers or operate POS machines. Business was shut down for three days to prevent any damage to customer records while forensic work was done. It took 50 days to return to prior level of income.

Retail Company

slide-14
SLIDE 14

Privacy Breach

14

Coverage Enhancements

Privacy Breach Expense Endorsement

Worldwide coverage up to 60 days

If a privacy breach arises from business activities outside Canada

  • Coverage extended from the US and EU to worldwide
  • Coverage period extended from 30 to 60 days

✓ More employees travel worldwide and for longer period ✓ Wider scope and longer indemnity for the customer

slide-15
SLIDE 15

Privacy Breach

15

Coverage Enhancements

Privacy Breach Expense Endorsement

Privacy breach coverage is extended to smart phones as part

  • f bring your own device to work (BYOD) extension

✓ Peace of mind to customer as privacy breach attacks to smart phones are on the rise

Smart phones

slide-16
SLIDE 16

Privacy Breach

16

Knowledge Check

  • A demand made by an outside entity to the

customer for money or something in value in exchange for not carrying out a threat to commit privacy breach

  • A threat to disseminate, without

authorization, data that are non-public and personal information or to deny, to impede, to make unavailable or to otherwise disrupt access to such data

What is cyber extortion?

slide-17
SLIDE 17

Privacy Breach

17

Knowledge Check

  • Investigation and analysis of, and

documentation for, computer or computing equipment by a certified individual or

  • rganization from outside the customer entity
  • If approved by Intact Insurance, these

services can also be provided by an IT employee of the customer

What are computer forensic services?

slide-18
SLIDE 18

Privacy Breach

18

Cyber Extortion

  • Computer forensic services irrespective of an actual

privacy breach, approved in writing by Intact beforehand

  • Other remediation expenses due to privacy breach caused

directly by cyber extortion

  • Business interruption loss due to privacy breach caused

directly by cyber extortion

✓ Mitigates or prevents the cyber extortion ✓ Relieves customer of additional expenses while dealing with extortion

Coverage Enhancements

Privacy Breach Expense Endorsement

Payments towards ransom, extortion or blackmail payments are excluded

slide-19
SLIDE 19

Exclusion for cloud storage is removed

✓ Benefits customers who are increasingly using cloud services for data storage

“Cloud Storage Market is projected to witness a compound annual growth rate of 29.73% to reach a total market size of US$92.488 billion by 2022, from US$25.171 billion in 2017.”

Research and Markets Report

Cloud Storage

Privacy Breach

19

Coverage Enhancements

Privacy Breach Expense Endorsement

slide-20
SLIDE 20

Privacy Breach

20

Remediation Expenses includes

Required notification of a privacy breach to a governmental entity with authority to regulate the privacy of non-public and personal information of Canadians

✓ Support customers to comply with mandatory reporting of Breach of Security Safeguards Regulations (BSSR) of PIPEDA and European Union General Data Protection Regulation (GDPR)

Coverage Enhancements

Privacy Breach Expense Endorsement

Fines, penalties or assessments of any nature including those related to Payment Card Industry (PCI) Standards are excluded

slide-21
SLIDE 21

Privacy Breach

21

Existing Key Exclusions - Reminder

Expenses arising from any fact or circumstance known prior to the effective date of coverage Prior Knowledge Third Party Liability Loss, damage, expense or costs arising out of liability to a third party Information Technology Security Privacy breach from failure to diligently deploy updated functional security software Computer Forensic Services

  • Computer, device hardware or software costs
  • Payments for service or maintenance
  • Remuneration expense unless approved
slide-22
SLIDE 22

Privacy Breach

22

Cyber Extortion Claim

✓ Expenses for computer forensic services

if agreed in writing by Intact for cyber extortion If breach is proven, covers:

✓ Cloud data ✓ Remediation expenses such as

notification to authorities and clients

✓ Business interruption expenses

Claim: Customer experienced a ransonware attack and a ransom

  • f $4,000 of bitcoin was
  • requested. Credit card information
  • f 5,000 guests may be at risk,

include European guests.

Small Hotel

slide-23
SLIDE 23

Privacy Breach

23

Endorsement Amounts of Insurance

Privacy Breach Expense Endorsement Form E127 Privacy Breach Legal Expense Endorsement Form E128 Privacy Breach Expense Coverage Business Interruption Coverage

$25,000 $25,000 $25,000 $50,000 $50,000 $50,000 $75,000 $75,000 $100,000 $100,000

Higher amounts introduced

$150,000 $150,000 $200,000 $200,000 $250,000 $250,000

slide-24
SLIDE 24

Privacy Breach

24

Pricing – Introductory Limits

Introductory Premium Deductible

  • $1,000 - Privacy Breach Expenses
  • 24-hour waiting period for Business Interruption
  • No waiting period for Extra Expenses
  • Provided that the actual loss sustained under Business

Interruption exceeds the 24-hour waiting period

$120

$25,000

slide-25
SLIDE 25

Privacy Breach

25

Pricing – Higher Limits

Low Medium High

  • Building Owners
  • Apartments & Condos
  • Wholesaling
  • Farms
  • Contracting
  • Forestry

For limits > $25,000, premium is rated based on major class’ relative degree

  • f privacy breach exposure

Common Examples

  • Financial Institutions
  • Healthcare
  • Services
slide-26
SLIDE 26

New Privacy Breach Liability Coverage

Form E161 (Version 1)

26

slide-27
SLIDE 27

Effective August 2018 New coverage for third party liability

Privacy Breach

27

Privacy Breach Liability – Form E161

  • Protects the Intact customer from claims or

actions due to a breach of personal information

  • Recommended as a coverage to complement

the first party endorsements

slide-28
SLIDE 28

Privacy Breach

28

Coverage Overview

Privacy Breach Liability Form E161 Privacy Breach Liability

Insuring Agreement A

Legal Fees or Defence Expense – Liability for Privacy Breach

Insuring Agreement B

Coverage Privacy breach compensatory damages that the customer is legally obligated to pay Legal fees or defence expense Value-Added Services Access to CyberScout services without being subject to conditions, exclusions, or coverage

slide-29
SLIDE 29

Privacy Breach

29

Coverage Highlights

Claims made Worldwide coverage Employees, Directors & Officers covered as claimants No cloud exclusion No deductible

slide-30
SLIDE 30

Per Claim and Aggregate Limit

Privacy Breach Liability Form E161 Per Claim Limit Aggregate limit $50,000 $50,000 $75,000 $75,000 $100,000 $100,000 $250,000 $250,000 / $500,000 $500,000 $500,000 / $1,000,000 $1,000,000 $1,000,000 / $2,000.000 $2,000,000 $2,000,000 ✓ Aggregate limit must equal the 'Per Claim' limit when limit is $100,000 or less ✓ For limits of $250,000 and over, aggregate can be doubled of the 'Per claim' limit.

Privacy Breach

30

slide-31
SLIDE 31

Privacy Breach

31

Key Exclusions

Bodily Injury or Property Damage Information Technology Security Privacy breach from failure to diligently deploy updated functional security software Any claim, privacy breach compensatory damages, or legal fees or defence expense, arising directly or indirectly from bodily injury or property damage Mechanical Breakdown and Service Interruption Interruption of internet or electrical service

slide-32
SLIDE 32

Privacy Breach

32

Retail Company

Privacy Breach Liability Claim

Claim: POS machine was hacked and ransom of $4,000 bitcoin was

  • requested. Credit card information
  • f the store’s clients was stolen

and they became victims of identity theft. Clients sued the retail company.

✓Compensatory damages that the

customer becomes legally obligated to pay

✓Legal fees and defence costs

slide-33
SLIDE 33

Privacy Breach

33

Claim: Patient records were

  • breached. Victims had fraudulent

charges to their credit cards and two of them became victims of identity theft. They seek compensation for costs and losses.

Dental Clinic

Privacy Breach Liability Claim

✓Compensatory damages that the

customer become legally obligated to pay

✓Legal fees and defence costs

slide-34
SLIDE 34

Privacy Breach

34

Claim: Spreadsheet containing confidential personal information

  • f employees had been

mistakenly sent out to public. Several of the employees brought legal actions against the customer.

Construction Company

Privacy Breach Liability Claim

✓Compensatory damages that the

customer become legally obligated to pay due to affected employees

✓Legal fees and defence costs

slide-35
SLIDE 35

Privacy Breach

35

Claim: Laptop case is stolen. Smart phone with confidential client information was also in the

  • case. The victimized clients sue

the real estate agency, submitting proof that the stolen details were used for fraudulent activities.

Real Estate Agency

Privacy Breach Liability Claim

✓Compensatory damages that the

customer becomes legally obligated to pay to the clients that suffered loss due to breach

✓Legal fees and defence costs

slide-36
SLIDE 36

Privacy Breach

36

Pricing

Low Medium High

  • Building Owners
  • Apartments & Condos
  • Wholesaling
  • Farms
  • Contracting
  • Forestry

Premium is rated based on major class’ relative degree of privacy breach exposure Common Examples

  • Financial Institutions
  • Healthcare
  • Services
slide-37
SLIDE 37

Privacy Breach

37

Pricing Examples

Low exposure: Building construction company

Base scenario Scenario 1 Scenario 2 Remediation expenses $25,000 $50,000 $100,000 Business interruption $25,000 $50,000 $100,000 Legal expense $25,000 $50,000 $50,000 Annual premium (Form E127/E128) $120 $165 $271 Privacy Breach Liability Coverage $50,000 $75,000 $100,000 Annual premium (Form E161) $77 $115 $146 Total annual premium $197 $280 $417

slide-38
SLIDE 38

Privacy Breach

38

Pricing Examples

Medium exposure: Wholesaler

Base scenario Scenario 1 Scenario 2 Remediation expenses $25,000 $50,000 $100,000 Business interruption $25,000 $50,000 $100,000 Legal expense $25,000 $50,000 $50,000 Annual premium (Form E127/E128) $120 $239 $394 Privacy Breach Liability Coverage $50,000 $75,000 $100,000 Annual premium (Form E161) $100 $150 $190 Total annual premium $220 $389 $584

slide-39
SLIDE 39

Privacy Breach

39

Pricing Examples

High exposure: Dental clinics

Base scenario Scenario 1 Scenario 2 Remediation expenses $25,000 $50,000 $100,000 Business interruption $25,000 $50,000 $100,000 Legal expense $25,000 $50,000 $50,000 Annual premium (Form E127/E128) $120 $359 $584 Privacy Breach Liability Coverage $50,000 $75,000 $100,000 Annual premium (Form E161) $150 $225 $285 Total annual premium $270 $584 $877

slide-40
SLIDE 40

Ease of Underwriting

40

slide-41
SLIDE 41

$100,000 Privacy Breach Liability coverage

Privacy Breach

41

Ease of Underwriting < $100K

Privacy Breach Legal Expense Endorsement Privacy Breach Expense Endorsement $100,000 $50,000 Amounts/Limits Coverage

✓ Ideal for small to medium sized business customers ✓ No restrictions by class ✓ No application is required

slide-42
SLIDE 42

Privacy Breach

42

Ease of Underwriting

Privacy Breach Legal Expense Endorsement Privacy Breach Liability coverage Privacy Breach Expense Endorsement ✓ Not separable ✓ Must have property coverage ✓ No need for base CGL

✓ Recommended first party and third party coverage as a complete solution ✓ Add to entire portfolio (up to $100K) or individual customer

Amounts/Limits Coverage

slide-43
SLIDE 43

$250,000 $500,000 $1,000,000 $2,000,000 Privacy Breach Liability coverage

Underwriting > $100K

Privacy Breach Expense Endorsement $150,000 $200,000 $250,000 Amounts/limits Coverage

✓ No change in the wordings ✓ Application is required ✓ Portfolio addition is not available

Privacy Breach

43

slide-44
SLIDE 44

Value Added Services

44

slide-45
SLIDE 45

.

Breach protection

To guard against a data loss incident with proactive measures that mitigate risk

Breach response

To defend against a breach with guidance from breach response team

Privacy Breach

45

slide-46
SLIDE 46

Privacy Breach

46

Value Added Services Expert Breach Response

✓ Crisis management ✓ Breach notification writing ✓ Documentation during remediation process ✓ Industry best practices for handling a breach

slide-47
SLIDE 47

Privacy Breach

47

Value Added Services Proactive Breach Protection

  • www. intactinsurance.breachresponse.ca

Global Username: Intactinsurance1 Global Password: Intactinsurance1

slide-48
SLIDE 48

Privacy Breach

48

1.

Call 24/7 Intact Insurance claims service

1-866-464-2424

Value Added Services In the event of a breach

2.

Intact claims collaborate with CyberScout™ experts for an effective privacy breach response

slide-49
SLIDE 49

Privacy Breach

49

Selling Tips

1.Educate to raise awareness of this growing threat 2.Explain how breaches occur 3.Help them assess their vulnerabilities 4.Focus on the extra services included as part of their coverage 5.Walk them through our coverage 6.Put the value in perspective

slide-50
SLIDE 50

What’s Next?

50

Underwriters

  • Questions

Business Development Consultants

  • Follow-up

Meetings Reference materials

  • Presentation
  • Product Sales

Sheets

  • Microsite
slide-51
SLIDE 51

Privacy Breach

51

Technology insurance coverage

Refer to Specialty Solutions

Technology.SS@intact.net

slide-52
SLIDE 52

Questions

52