What is a Cyber Breach?

  • Any incident that results in unauthorized access to computer data, applications, networks or devices
  • Results in information being accessed without authorization
  • Typically, it occurs when an intruder is able to bypass security mechanisms

Types of Cyber Breaches

Malware (Malicious Software)

  • Viruses, trojans, and other destructive computer programs that infect systems and networks to gain access to sensitive information
  • File or code, typically delivered over a network, that infects, explores, steals, or conducts behavior that the attacker wants

Phishing

  • Online scam that targets consumers by sending email that appears to be from a well-known source
  • Asks consumer to provide personal identifying information
  • Scammer uses information to open new accounts or invade the consumer’s existing accounts

Ransomware

  • Malware which targets both human and technical weaknesses in an effort to make critical data and/or systems inaccessible
  • Delivered through various vectors, including phishing and Remote Desktop Protocol, which allows computers to connect to each other across a network
  • Encrypts data on computer system, making it unusable
  • Criminals hold data hostage until a ransom is paid

Vishing (Voice Phishing)

  • Defrauding people over phone, enticing victims to divulge sensitive or confidential information
  • Phone version of email phishing

 

 

Cybersecurity Program Best Practices

  • Formal, well documented cybersecurity program
  • Conduct prudent annual risk assessments
  • Reliable annual third-party audit of security controls
  • Clearly define and assign information security roles and responsibilities
  • Have strong access control procedures
  • Ensure any assets or data are stored in the cloud or managed by a third party service provider and are subject to the appropriate security reviews and independent security assessments
  • Conduct periodic cybersecurity awareness training
  • Implement and manage a secure system development life cycle (SDLC) program
  • Business resiliency program, which effectively addresses business continuity, disaster recovery, and incident response
  • Encrypt sensitive data, stored and in transit
  • Implement strong technical controls in accordance with best security practices
  • Appropriately respond to any past cybersecurity incidents

 

 

 

Cyber Liability Insurance

Benefit trust funds and unions strive to provide the best possible benefits and conditions for workers. In carrying out these goals, they have access to personal information, such as social security numbers and home addresses, of their participants and members. If this data is lost, most states mandate that the entity must respond in a timely manner by notifying potentially affected individuals, regulators, and the press.

Ullico Casualty Group, LLC has partnered with a strong cyber liability insurance provider so that our policyholders have access to both cyber breach response resources and cyber liability protection.

Coverage highlights include:

  • Privacy liability 
  • Breach notification with data breach counsel and a network of experts, including credit monitoring services 
  • Multimedia liability coverage 
  • Crisis Management and Fraud Prevention Expense 
  • Regulatory actions 
  • Ransomware – Cyber extortion 
  • Business Interruption – Business income and digital asset restoration 
  • Electronic fraud sub-limits 
  • Limits range from $250,000 to $2M with higher limits available upon request 

 

To learn more about Cyber Liability Insurance, visit
https://www.ullico.com/casualty/cyber-liability-insurance.

For an enrollment form, please contact your broker or Mae Palmer at mpalmer@ullico.com.