Cyber Insurance and Your ASC Reduce your risk and the cost of protection BY ROBERT KURTZ


SCs need to prepare for the pos- sibility of a data breach and be ready to respond if it happens, says Michael Wells, chairman of Hylant of Indianapolis, an insurance brokerage and risk management solutions pro- vider in Indianapolis, Indiana. “Data security experts believe it is not a question of if a business will have a cyber incident, but when,” he says. “Most people do not know the ‘bits and bytes’ about how information technol- ogy works, which leads to vulnerabili- ties that cyber criminals can exploit.” One component of preparation should be the consideration of cyber insurance, says Christine Marciano, president of Cyber Data-Risk Manag- ers, a cyber insurance broker based in Princeton, New Jersey. “While cyber insurance cannot prevent a data breach, it can help an ASC investigate and respond when one occurs. Depending upon the outcome of a plaintiff lawsuit or a regulatory investigation, cyber insurance can help pay plaintiff dam- ages and Health Insurance Portability and Accountability Act (HIPAA) regu- latory fines and penalties.”

Understand Your Options If your insurance broker has not dis- cussed cyber insurance coverage with your ASC, raise the issue, Wells says. “Immediately reach out and complete an application to help determine if your ASC should include cyber pro- tection in its insurance and risk man- agement program. Since the appli- cation helps determine how much coverage your ASC needs, it is essen- tially a risk management self-audit that requires you to identify your potential risks and vulnerabilities.” Cyber insurance can cover a wide range, Marciano says. Some areas she cites include network security liabil- ity, privacy liability, breach response,

advises, ASCs should consider the alternatives carefully. “It is advisable to conduct an assessment of cyber insurance policy quotes based on coverages, and not based on premiums,” she says. “Pre- miums often fluctuate significantly by insurance carrier.” Be wary of certain policy exclu-

The more you address your vulnerabilities, the lower the cost will be for you to transfer your risk to an insurance company.”

— Michael Wells Hylant of Indianapolis

credit monitoring, HIPAA regulatory defense, fines and penalties, computer forensics, crisis management, public relations, network interruption, data loss and cyber extortion. Wells advises ASCs to also con-

sider coverage for “social engineer- ing.” This term refers to the tricking of victims, often through fake emails that appear to be from a trustworthy source, into sharing confidential information.

Important Considerations Selecting a cyber insurance pol- icy can be a complex process due to the variety of coverages, conditions and exclusions available, Marciano says. Before settling on a policy, she

26 ASC FOCUS MAY 2017 |

sions, she adds. “Some exclusions you need to pay attention to and will want to ask about include cyber terrorism, lack of encryption on mobile devices, inad- equate security and breach of contract.” Make sure you know what events will and will not trigger the policy, and what response costs and services are covered in the event of a breach, Mar- ciano says. Also find out if the insur- ance policy has rules on the ASC’s selection of vendors, such as those for security, technology and legal counsel.

Cost Factors

Cyber insurance policy premiums are not one-size-fits-all, Marciano cau- tions. Premiums are based on a num- ber of factors, including services pro- vided, number of data records stored and/or processed, data security risks and exposures, computer and net- work security, and annual gross reve- nue. “Premiums can also vary greatly by insurer and the types of coverages selected,” she adds. “Minimum pre- miums usually start at $1,000 for a $1 million policy aggregate. This is typi- cal for a small business sole proprietor. Premiums can reach as high as six fig- ures for mid- to large-sized ASCs that need high coverage limits.”

ASCs can reduce the cost of

cyber insurance coverage by reducing their risk, Wells says. “The more you address your vulnerabilities, the lower the cost will be for you to transfer your risk to an insurance company.”

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30