Re: Cyber liability insurance coverage

[Nathan Zierfuss <nathan.zierfuss () ALASKA EDU>]

We recently worked with a broker and found only 2 carriers to choose from.
The coverages were different and the broker did a great job of distilling
down the differences leading to an easy choice of who to go with. The
prices were not significantly different. Surprisingly the better policy was
cheaper at the level of coverage we wanted.

Both carriers were a little light in their coverage amount for PII breach
coverage so we adjusted this up along with the coverage for
regulatory proceedings. We offset some of this be decreasing coverage for
network extortion.

One thing that stood out for me was while this insurance will cover events
originating from anywhere but OFAC list countries we have seen a shift in
threat activity in the last few years. It is increasingly motivated by
ideology and/or state sponsored. Since most of these policies have
exceptions for acts of terrorism and war how will claims
for ideology motivated acts, intellectual property thief or DoS that are
state sponsored be treated. Will insurers call them terrorism or acts of
war to avoid the liability when they have the same impact.

Nathan

On Tue, Jan 3, 2012 at 8:14 AM, David Scott <dwscott () fhu edu> wrote:

> We're about to review our liability coverage for cyber events and
> before we got started I wanted to see how involved any of you had been
> in this process at your institutions, and what you found? Please share
> your experience and findings.
>
> Thank you,
>
> --
> David Scott
> Freed-Hardeman University
> dwscott () fhu edu
> 731.989.6434



-- 
Nathan Zierfuss, CISSP, Information Security Officer
-
Technology Oversight Services, University of Alaska
910 Yukon Dr. Suite 105, PO Box 755320
Fairbanks, Alaska 99775-5320
-
Phone: 907-450-8112  Fax: 907-450-8381