Breaking down cyber insurance and resources available

By VRSA Chief Information Officer Karen Inman and VRSA Director of Member Services Marcus Hensel

As we continue our cyber dialogue from earlier this month, cyber threats continue to grow more sophisticated and are increasingly common in the headlines. Public bodies face unique challenges from cyber threats, and the options available for managing these threats are constrained.

The Virginia Risk Sharing Association (VRSA) has responded to these challenges and constraints by broadening our coverage and obtaining needed resources for our members. Our cyber insurance provides coverage for liability, data breach and cybercrimes. This coverage may also be referred to as cyber risk insurance or cyber security insurance. Cyber liability coverage is available to cover losses arising out of failure to protect sensitive information.

We also offer access to the data breach fund – which is important as this is where 100% of the costs are incurred. This limit covers expenses to retain a computer forensics firm to determine scope of breach, notify customers or employees whose sensitive personal information was breached, provide credit monitoring services to affected individuals, and obtain public relations services.

Combined, these are considered hard costs, as the amounts fall into a predictable range and are covered by insurance. Beyond hard costs are soft costs. These expenses vary widely by organization following a cyber event. Costs are incurred to close gaps by upgrading applications, systems and networks.

Like any coverage, public bodies may invest more now to lower the likelihood or severity of losses. By investing time, money, and resources into a cyber security program there can be a reduction in losses. VRSA’s resources provide an understanding of industry best practices in cyber security risk management, governance and operations.

For example, a resource offered through Risk Based Security is YourCISO.  YourCISO provides public bodies with access to information security resources, a security health check, awareness training, security program sample documentation and incident response. Members also have access to Beazley Breach Solutions. This resource provides planning, training and online learning and webinars.

The VRSA Online University includes cyber courses for education and training such as Security Awareness and Preventing Phishing. These resources are included for no additional cost to our members to promote not only secure networks and systems, but also more educated and trained staff.

By educating and training staff and upgrading applications, systems and networks, public bodies can lower the probability of a cyber related loss.