In recent years there has been much publicity and conversation about the exposures that all enterprises have to an outside person hacking into their computer system. There has been considerable publicity given to very large such events, including Target and other retailers, and even the National Defense System at the Pentagon.
Many times people think this will never happen to them, but as one knowledgeable person in the field mentioned to me, “It’s not a question if you get hacked, it is a question of when”.
All exposures related to cyber-attacks can filter down to individual Municipal Utilities and Cities. For some time now we have offered coverage in this area as an option to IAMU members that they can buy as part of the IAMU Safety Group Program underwritten by EMC Insurance. We have talked about this at length in the IAMU seminars, explaining the various facets of this important coverage. Many IAMU members already have this coverage, but there are still a majority that do not at this point in time.
- Response Expenses – The law provides that any event that compromises personally identifiable data must result in the proper kind of notification to each affected person in the form and frequency provided by the law. Included in this are mandatory services that must be provided to affected individuals, they include a toll free help line, credit monitoring, and identity restoration. As a part of this there can be various costs suffered by affected people that includes not only a loss of their private information, but real financial damage as a result of somebody taking social security numbers, bank account numbers, and any other similar data.
- Network Security Liability – As a result of a cyber event the Utility or City may face liability claims coming from a variety of sources who allege injuries as a result of failure in the security of your systems. This would include a breach of third party business data, unintended propagation of malware, and an unintentional denial or interruption of service.
- Restoration - The third major component is to cover the cost faced by the insured as a result of this attack. This could include the following:
- Data Restoration, including the cost of professional IT Consultants to help replace lost or corrupted data.
- System Restoration, you may need to hire professional firms to help restore your system to its pre-attack level.
- Loss of Business, you may even lose income as a result of interruption of utility services or other services delivered by the City or Utility.