Every day there is a new headline.
- Waxhaw works with state experts to tackle cyberattack on town systems
- Cyberattack in St. Joseph, Mo., may have exposed resident data
- After Cyber Attack, St. Paul, Minn., Restores Public Internet
Bad actors continue to target public entities, exploit victims, and cause disruption. As October is Cybersecurity Awareness Month, it’s a good time to review the coverages and services VRSA offers to protect your entity.
In 2012, VRSA was the first group self-insurance pool in the Commonwealth to provide cyber coverage for our members. This coverage was developed to protect members from increasing attacks on public entities, including breaches of Personally Identifiable Information, Personal Credit Information, or Personal Health Information.
Over the years, the coverage has evolved to cover new forms of loss. So too have the services provided. We were the first in Virginia to offer the services of a dedicated cyber defense attorney to manage and respond to incidents, ensuring our commitment to service is met. We have also expanded our cybersecurity services to help members identify and implement controls to prevent and reduce losses.
“While October is Cybersecurity Awareness Month, it’s important to educate employees about cybersecurity risks year-round,” said VRSA Managing Director Marcus Hensel. “Some of the most effective control measures are also some of the simplest.”
VRSA continues to provide broad coverage for our members while providing unmatched training and education about the importance of cybersecurity.
The coverage protects against financial loss, including direct costs (ransomware, cyber extortion, breach investigation, system restoration, and notification of affected parties), and indirect costs (business interruption, reputational damage).
Early cyber liability form is focused primarily on security and privacy liability (third-party liability claims), privacy notification costs coverage, and coverage for regulatory defense and penalties.
VRSA’s form includes automatic coverage for business interruption, fraudulent instruction, ransomware, consequential reputational loss, dependent business interruption, and system failure.
As seen in the graph above, some of these coverages represent a significant percentage of VRSA claims. We include these coverages automatically, but others may not. Also, it is important to review the exclusions related to these coverages.
Unlike others, we try not to offer coverage with the intention to exclude losses based on conditions within the policy.
In the past policy year, VRSA accepted 100% of our cyber claims.
“Our coverages and services ensure you have support before, during, and after a loss,” said Hensel. “This includes vulnerability testing, cyber training resources, and access to experts and legal guidance.”
Our financial strength allows us to offer the broadest cyber protections with stable pricing to ease our members’ worries. For more information on your cyber coverage or resources available, please visit www.vrsa.us or contact your dedicated coverage specialist.