28 Oct For this assignment all students will be using the same materials linked here. The type of organization you have been working with will not have a major bearing on your analysis or responses.
Assignment Overview: For this assignment all students will be using the same materials linked here. The type of organization you have been working with will not have a major bearing on your analysis or responses. The goal of this assignment is to apply the policy review analysis strategies and techniques we have been discussing during lectures. Analyzing cyber insurance policies and understanding how coverage applies to claims takes direct experience and practice reviewing many different types of policies. This assignment is designed to give you some practice examining a full cyber insurance policy in the context of a simulated real-world example.
Assignment Structure
- Documentation – Each student will be provided the following documents to complete the assignment:
- Assignment Instructions & Cyber Insurance Policy Review Worksheet (this document)
- Sample Cyber Insurance Declarations Page – “UBTech CySure Declarations Page”
- Sample Travelers Cyber Insurance Policy – “Travelers Cyber Risk Policy Form Sample”
- Grading – This assignment will be graded on a 100 point scale with 50 points per section.
- The first 10 questions have a right or wrong answer and all answers can be found in the Sample Cyber Insurance Declarations Page. This section is worth a total of 50 points.
- The second set of 6 questions are a bit more challenging and are based on your interpretation of policy language Insuring Agreements, Definitions and Exclusions. These questions will be graded based on level of effort, accuracy and thought put into your responses. This section is worth a total of 50 points.
Fall 2022 Assignment 4
Cyber Insurance Policy Review
|
Your Name: |
Cyber Insurance Policy Review Instructions
Assignment Overview: For this assignment all students will be using the same materials. The type of organization you have been working with will not have a major bearing on your analysis or responses. The goal of this assignment is to apply the policy review analysis strategies and techniques we have been discussing during lectures. Analyzing cyber insurance policies and understanding how coverage applies to claims takes direct experience and practice reviewing many different types of policies. This assignment is designed to give you some practice examining a full cyber insurance policy in the context of a simulated real-world example.
Assignment Structure
1. Documentation – Each student will be provided the following documents to complete the assignment:
a. Assignment Instructions & Cyber Insurance Policy Review Worksheet (this document)
b. Sample Cyber Insurance Declarations Page – “UBTech CySure Declarations Page”
c. Sample Travelers Cyber Insurance Policy – “Travelers Cyber Risk Policy Form Sample”
2. Grading – This assignment will be graded on a 100 point scale with 50 points per section.
a. The first 10 questions have a right or wrong answer and all answers can be found in the Sample Cyber Insurance Declarations Page. This section is worth a total of 50 points.
b. The second set of 6 questions are a bit more challenging and are based on your interpretation of policy language Insuring Agreements, Definitions and Exclusions. These questions will be graded based on level of effort, accuracy and thought put into your responses. This section is worth a total of 50 points.
Guidance
1. Resources – All questions are based on topics we covered in sessions 7 & 8 and will align with the slides presented during these lectures. I recommend you use the slides from these lectures as guidance as you are completing this assignment.
2. Sample responses – Each section of the Cyber Insurance Policy Review Worksheet will include sample questions and answers. I will indicate where these sample answers can be found in the documentation provided.
3. Questions and Concerns – We will dedicate time during class on October 27th to walking through this assignment and answer any questions. Please bring any questions with you to class on 10/27. You can also contact me via email [email protected] for any other questions or assistance.
4. If time permits, I will do my best to provide feedback on early submissions but you must email me requesting feedback if desired. For this assignment I will not be able to provide detailed feedback prior to submission. Instead, I will highlight answers or areas that need to be reviewed or corrected.
Section 1: Policy Declarations Review
|
# |
Question |
Your Response |
Reviewer Notes (Leave Blank) |
|
0 |
SAMPLE: What is the name of the insurer writing this policy? |
UBTech CySure |
I found this on page 1 of the Declarations where the Insurer is listed. As a note we will use UBTech CySure as the Insurer for this exercise even though we are reviewing Travelers documents. |
|
1 |
Is the carrier providing this policy Admitted or Non-Admitted? |
||
|
2 |
Who is the Named Insured? |
||
|
3 |
What is the total cost of this policy? |
||
|
4 |
What is the policy aggregate limit? |
||
|
5 |
How long is the policy period? |
||
|
6 |
Does this policy provide coverage for unknown prior acts that may have occurred prior to the policy inception date? |
(Yes or No) |
|
|
7 |
Do all coverages share the policy aggregate limit or are any coverages provided outside the policy aggregate limit? |
||
|
8 |
How long does an organization have to wait before filing a Business Interruption Claim |
||
|
9 |
Is Cyber Extortion coverage provided at full limits or is coverage sublimited? If sublimited, please provide available limit. |
||
|
10 |
Are there any coverages listed on the declarations page that are not being offered to this Insured? If so, please list coverage(s) not provided. |
Note: Use the document titled “UBTech CySure Declarations Page” to answer questions in this section.
Section 2: Insuring Agreement, Definitions & Exclusion
|
# |
Question |
Your Response |
Reviewer Notes (Leave Blank) |
|
0 |
SAMPLE: The Coverage Trigger for the Privacy and Security insuring agreement is a Privacy and Security Act. Does the definition of Privacy and Security act include more than just a Privacy Breach? Based on your interpretation of this definition does this allow the coverage to be triggered by both a Privacy Breach as well as a Security Failure/Breach? |
Yes, the definition of Privacy And Security act includes both failure to prevent at Privacy Breach and failure to prevent a Security Breach. |
For this response I looked at the definition of “Privacy and Security Act” in the Travelers policy to confirm the definition covers both Privacy Brach and Security Failure. |
|
1 |
Does the Privacy Breach Notification insuring agreement cover Voluntary Notification costs? If so, please identify the definition in this insuring agreement includes Voluntary Notification costs? |
||
|
2 |
The Computer and Legal Expert insuring agreement covers many of the First Party Cyber Event Expenses we have been discussing in lectures. Can this coverage be triggered by failure to prevent a privacy breach as well as a failure to prevent a security breach? |
||
|
3 |
Do you think this policy provides coverage for an employee of the Insured organization being tricked into making a fraudulent payment because they are mislead by a cybercriminal? If so, what insuring agreement best covers this type of loss. |
||
|
4 |
If an IT Provider the Insured Organization uses to conduct business is taken down by a cyberattack, does this policy cover the lost income during time of disruption? If yes, please identify the insuring agreement that best covers this type of loss. |
||
|
5 |
Does the definition of “Computer System” apply to systems that are owned, operated and controlled by the Insured organization as well as any type outsourced cloud or hosted IT services they may use? |
||
|
6 |
This policy EXCLUDES losses triggered by War. Based on your review of exclusions do you think some losses related to actual or alleged cyberterrorism events would be considered? |
Note: Use the document titled “Travelers Cyber Risk Policy Form Sample” to answer questions in this section.
1
1
1
,
CYB-16001 Rev. 06-20 Page 1 of 20 © 2020 The Travelers Indemnity Company. All rights reserved.
CyberRisk Coverage
Only the Insuring Agreements with Limits shown in the CyberRisk Declarations apply.
Liability Insuring Agreements
Privacy And Security. The Insurer will pay Loss on behalf of the Insured, resulting from a Claim that is first made during the Policy Period, or any applicable extended reporting period, for a Privacy And Security Act.
Media. The Insurer will pay Loss on behalf of the Insured, resulting from a Claim that is first made during the Policy Period, or any applicable extended reporting period, for a Media Act.
Regulatory Proceedings. The Insurer will pay Defense Costs and Regulatory Costs on behalf of the Insured, resulting from a Regulatory Proceeding that is first commenced during the Policy Period, or any applicable extended reporting period, for a Privacy And Security Act or Media Act.
Breach Response Insuring Agreements
Privacy Breach Notification. The Insurer will reimburse, or pay on behalf of, the Insured for Privacy Breach Notification Costs resulting from an actual or suspected Privacy Breach that is Discovered during the Policy Period, or any extended discovery period.
Computer And Legal Experts.
The Insurer will reimburse, or pay on behalf of, the Insured for Computer And Legal Expert Costs resulting from an actual or suspected:
1. Privacy Breach; 2. Security Breach; or 3. Cyber Extortion Threat, that is Discovered during the Policy Period, or any extended discovery period.
Betterment. The Insurer will reimburse the Insured for Betterment Costs, following a Security Breach that is Discovered during the Policy Period.
Cyber Extortion. The Insurer will reimburse, or pay on behalf of, the Insured for Cyber Extortion Costs, resulting from a Cyber Extortion Threat that is Discovered during the Policy Period.
Data Restoration. The Insurer will reimburse, or pay on behalf of, the Insured for Restoration Costs, directly caused by a Security Breach that is Discovered during the Policy Period.
Public Relations. The Insurer will reimburse, or pay on behalf of, the Insured for Public Relations Costs, resulting from an actual or suspected:
1. Privacy And Security Act; or 2. Media Act, that is Discovered during the Policy Period, or any extended discovery period.
Cyber Crime Insuring Agreements
Computer Fraud. The Insurer will pay the Insured Entity for its direct loss of Money, Securities, or Other Property, directly caused by Computer Fraud that is Discovered during the Policy Period.
Funds Transfer Fraud. The Insurer will pay the Insured Entity for its direct loss of Money or Securities, directly caused by Funds Transfer Fraud that is Discovered during the Policy Period.
Spe cim
en
Cyber Crime Insuring Agreements continued from previous page.
CYB-16001 Rev. 06-20 Page 2 of 20 © 2020 The Travelers Indemnity Company. All rights reserved.
Social Engineering Fraud. The Insurer will pay the Insured Entity for its direct loss of Money or Securities, directly caused by Social Engineering Fraud that is Discovered during the Policy Period.
Telecom Fraud. The Insurer will pay the Insured Entity for its Telecom Charges, directly caused by Telecom Fraud that is Discovered during the Policy Period.
Business Loss Insuring Agreements
Business Interruption. The Insurer will pay the Insured for its Business Interruption Loss that is directly caused by any of the following, if Discovered during the Policy Period:
1. A Security Breach that results in a total or partial interruption of a Computer System. 2. A System Failure, if applicable. 3. The voluntary shutdown of a Computer System by the Insured, if it is reasonably necessary
to minimize the Loss caused by a Security Breach or Privacy Breach in progress.
Dependent Business Interruption.
The Insurer will pay the Insured for its Business Interruption Loss, directly caused by an IT Provider Breach that is Discovered during the Policy Period.
Reputation Harm. The Insurer will pay the Insured for its Reputation Harm, directly caused by an Adverse Media Report or Notification that:
1. first occurs during, or within 60 days after, the Policy Period; and 2. directly relates to a Privacy Breach or Security Breach that is Discovered during the Policy
Period.
Definitions
Accounting Costs. Means the reasonable fees or costs of a forensic accounting firm, incurred by the Insured Entity, to calculate Income Loss, even if such calculation shows there has been no Income Loss.
Additional Insured. Means a person or entity, not otherwise an Insured, with whom the Insured Entity has entered into a written agreement to include as an Insured, but only for Wrongful Acts:
1. by, or on behalf of, the Insured Entity under such agreement; and 2. that occur after the Insured Entity has executed such agreement.
Adverse Media Report. Means any communication of an actual or potential Privacy Breach or Security Breach by a media outlet. Multiple Adverse Media Reports regarding the same Privacy Breach or Security Breach are deemed one Adverse Media Report.
Approved Provider. Means a service provider approved by the Insurer in writing to the Insured.
Automatic ERP. Means a 90-day extended reporting period starting on the effective date this Coverage is canceled or not renewed.
Betterment Costs. 1. Means the reasonable costs incurred and paid by the Insured, with the Insurer’s written consent, for hardware or software to improve a Computer System after a Security Breach, if:
a. the Security Breach has been stopped or contained, and resulted in covered Computer And Legal Expert Costs;
b. the Approved Provider that provided computer services in response to such Security Breach:
i. has identified a weakness in a Computer System that caused, or contributed to, the Security Breach; and
ii. recommends the improvements to prevent a future Security Breach from exploiting such weakness; and
Spe cim
en
Definitions continued from previous page.
CYB-16001 Rev. 06-20 Page 3 of 20 © 2020 The Travelers Indemnity Company. All rights reserved.
c. such improvements are incurred and paid for by the Insured within the earlier of 90 days after:
i. the recommendation by the Approved Provider; or ii. the end of the Policy Period.
Costs for improvements that are subject to a license, lease, or subscription will be limited to the pro rata portion of such costs for the first 12 months. 2. Does not include wages, benefits, or overhead of any Insured.
Business Interruption Loss. 1. Means: a. Income Loss and Extra Expense incurred or paid by the Insured Entity during the Period
Of Restoration; and b. Accounting Costs, if the Insured Entity’s business operations are interrupted beyond the
Wait Period. 2. Does not include loss arising out of harm to the Insured Entity’s reputation.
Change Of Control. Means when: 1. more than 50% of the Named Insured’s assets are acquired; or 2. the Named Insured is merged with, or consolidated into, another entity, and the Named
Insured is not the surviving entity.
Claim. Means: 1. a written demand for monetary or nonmonetary relief, including injunctive relief,
commenced by an Insured’s receipt of such written demand; 2. a civil proceeding, commenced by the service of a complaint or similar pleading; 3. an arbitration, mediation, or similar alternative dispute resolution proceeding, commenced
by the service of an arbitration petition or similar legal document; 4. a written request to toll or waive a statute of limitations relating to a potential civil or
administrative proceeding, commenced by an Insured’s receipt of such written request; or 5. for the Regulatory Proceedings Insuring Agreement only, a Regulatory Proceeding,
commenced by: a. the filing of charges; b. the filing of an investigative order; c. the service of a summons; or d. the service or filing of a similar document,
against an Insured for a Wrongful Act. Except under Other Conditions, Notice Of Claim, a Claim is deemed made when commenced.
Client. Means a person or entity to whom the Insured Entity: 1. provides goods; or 2. performs services, for a fee, or under a written agreement.
Computer And Legal Expert Costs.
1. Means the reasonable fees or costs incurred or paid by the Insured for services recommended and provided by an Approved Provider, to:
a. conduct a forensic analysis to determine the existence and cause of a Privacy Breach, Security Breach, or Cyber Extortion Threat;
b. determine whose Confidential Information was lost or stolen; or accessed or disclosed without authorization;
c. contain or stop a Privacy Breach or Security Breach in progress; d. certify the Computer System meets Payment Card Security Standards, if a Security
Breach Discovered during the Policy Period results in noncompliance with such standards, but only for the first certification; or
Spe cim
en
Definitions continued from previous page.
CYB-16001 Rev. 06-20 Page 4 of 20 © 2020 The Travelers Indemnity Company. All rights reserved.
e. provide legal services to respond to a Privacy Breach or Security Breach. 2. Does not include Defense Costs or Privacy Breach Notification Costs.
Computer Fraud. 1. Means an intentional, unauthorized, and fraudulent entry or change of data or computer instructions, directly into or within, a Computer System, that:
a. is not made by an Insured Person, an Independent Contractor, or any other person under the direct supervision of the Insured; and
b. causes Money, Securities, or Other Property to be transferred, paid, or delivered from inside the Insured Entity’s premises or the Insured Entity’s financial institution premises to a place outside of such premises.
2. Does not include Social Engineering Fraud.
Computer System. Means a computer and connected input, output, processing, storage, or communication device, or related network, operating system, website, or application software, that is:
1. under the operational control of, and owned by, licensed to, or leased to: a. the Insured Entity; or b. an Insured Person, while authorized by, and transacting business on behalf of, the
Insured Entity, except under the Betterment or Data Restoration Insuring Agreements, or any Cyber Crime Insuring Agreement; or
2. operated by an IT Provider, but only the portion of such computer system used to provide hosted computer resources to the Insured Entity, except under the Betterment or Business Interruption Insuring Agreements.
Confidential Information. Means a third party’s or Insured Person’s private or confidential information that is in the care, custody, or control of the Insured Entity, or a service provider acting on behalf of the Insured Entity.
Covered Material. 1. Means content that is created or disseminated, via any form or expression, by, or on behalf of, the Insured Entity.
2. Does not include: a. tangible product designs; or b. content created or disseminated by the Insured Entity on behalf of a third party.
Cyber Extortion Costs. 1. Means, with the Insurer’s prior written consent: a. Ransom, in direct response to a Cyber Extortion Threat; b. reasonable amounts incurred or paid by the Insured in the process of paying, or
attempting to pay, Ransom; or c. reasonable amounts incurred or paid by the Insured, recommended by an Approved
Provider, to mitigate Ransom. 2. Does not include Computer And Legal Expert Costs or Restoration Costs.
Cyber Extortion Threat. Means a threat to: 1. access or disclose:
a. Confidential Information; or b. an Insured Entity’s information without authorization; or
2. commit or continue a Security Breach, made against the Insured Entity for Ransom.
Defense Costs. 1. Means reasonable fees and costs incurred by the Insurer, or the Insured with the Insurer’s prior written consent, in the:
a. investigation; b. defense; c. settlement; or
Spe cim
en
Definitions continued from previous page.
CYB-16001 Rev. 06-20 Page 5 of 20 © 2020 The Travelers Indemnity Company. All rights reserved.
d. appeal, of a Claim.
2. Includes up to $1,000 per day for loss of earnings due to an Insured Person’s attendance in court, if at the Insurer’s request.
3. Does not include wages, benefits, or overhead of the Insurer or of the Insured.
Discover, Discovered, Discovery.
Means when an Executive Officer first becomes aware of facts that would cause a reasonable person to assume that a First Party Loss has been or will be incurred, regardless of when the act or acts causing or contributing to such First Party Loss occurred, even though the exact amount or details of such First Party Loss may not then be known.
Employee. 1. Means a natural person while their labor is engaged and directed by the Insured Entity, and who is:
a. a full-time, part-time, seasonal, or temporary worker compensated directly by the Insured Entity through wages, salaries, or commissions;
b. a volunteer, student, or intern; or c. a worker whose services have been leased to the Insured Entity by a labor leasing firm
under a written agreement. 2. Does not include any:
a. agent; b. broker; c. consignee; d. independent contractor; or e. representative, of the Insured Entity.
Executive Officer. Means a natural person while acting as the Insured Entity’s: 1. chief executive officer; 2. chief financial officer; 3. chief information security officer; 4. risk manager; 5. in-house general counsel; or 6. the functional equivalent of 1 through 5.
Extra Expense. Means reasonable costs incurred by the Insured Entity, with the Insurer’s written consent, that: 1. result from a First Party Event; 2. are in excess of the Insured Entity’s normal operating costs; 3. are intended to reduce Income Loss; and 4. would not have been incurred had there been no First Party Event.
First Party Event. 1. Means: a. Computer Fraud; b. Cyber Extortion Threat; c. Funds Transfer Fraud; d. IT Provider Breach; e. Media Act; f. Privacy Breach; g. Security Breach; h. Social Engineering Fraud; i. System Failure; or j. Telecom Fraud.
Spe cim
en
Definitions continued from previous page.
CYB-16001 Rev. 06
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Wridemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.