Overview
At a Glance
Financial firms face increasingly complex information and computer security risks. If you store client confidential information or anything defined as personal identifiable information (PII), cyber criminals have an interest in your stored data files to target, breach and obtain such information.
AMBA arranges financial professionals’ Cyber Liability Insurance protection for both first party exposure and third party exposure.
Benefit Features:
- Data Breaches, including paper and digital files
- Business Interruption Coverage
- Network damage, including third-party lawsuits due to loss of privacy
- Electronic Financial Transactions
- Crime coverage
- Social Engineering
- Reputation Repair Assistance
- Forensic Audits to Locate and Reduce Further Data Breaches
- Customer Notification Expenses include legal expenses, credit monitoring expenses, postage, and advertising costs
Schwab’s Policy on Insurance for Advisor Services (“Policy”)
To comply with this Policy, which is applicable to Registered Investment Advisors, Turnkey Asset Management Providers (TAMPs) and Bank/Trusts, your firm must maintain the following types of coverage:
- Errors & Omissions (E&O) insurance
- Social Engineering coverage
- Theft by Hacker coverage(theft of client/firm assets)
- Theft by Employee coverage (if applicable, consult with AMBA)
Fidelity Bond (Crime) and Cybersecurity (Cyber) insurance policies are not required under this Policy. However, it is recommended to review coverage with AMBA’s insurance specialists to evaluate whether the firm’s policies would provide the additional required coverages, stated above, or if these insurance policies would benefit their firm.
Why is this insurance important to my firm?
Over the past several years, there has been a continual increase in the number of errors and fraudulent incidents, with events continuing to increase rapidly. With fraud and cybercrime on the rise and ongoing trading volatility, it’s imperative to evaluate how well your firm is protected. To proactively manage these risks and protect your clients, consistent with fiduciary and other obligations, insurance coverage is vital to a firm’s risk management strategy. Coverage protects your firm and clients from the unexpected, transfers risk away from the balance sheet or personal assets, and may provide coverage for legal costs, settlements, and the costs of operational errors.
What if my firm does not get the insurance coverage required by Schwab’s Policy?
For prospects, failure to comply with the Policy may prevent you from being able to custody assets with Schwab. Firms that are new to Schwab have 90 days to comply with the Policy.
For existing Schwab clients, failure to comply with the Policy may result in termination of your service agreement with Schwab.
Frequently Asked Questions
Answers about the plan, including eligibility, options, enrollment, customer service and more.
If my firm purchases E&O coverage, wouldn’t this policy protect us in the event of a cyber or privacy breach?
This is often a misconception by policyholders and we find that the majority of errors & omissions policies do not cover cyber or privacy breaches. An E&O policy typically limits coverage to claims arising from negligence in the performance of specifically defined services and excludes coverage for criminal or intentional acts of insured’s or their employees.
What are my obligations in the event of a breach to report such and to whom?
47 of 50 states require a breach to be reported to those affected if any personal identifiable information (PII) is leaked. Any association who does not report these breaches is subject to hefty fines and penalties from various state and industry regulators. If you are an association servicing clients in multiple states, a single breach can be costly in just legal expenses to translate the requirements of each state’s law. Having the proper Cyber Privacy Liability coverage in place can provide assistance and help cover these expenses.
How can I learn more about the insurance products offered by AMBA and how they can best serve my insurance needs?
For more information or to speak with a Client Representative, please contact our office at 1-800-978-6273.
Claim Scenarios
The below examples illustrate situations in which the costs incurred to remediate a data breach were significant.
Unauthorized Access
An international computer hacking group gained access electronically to the computerized cash registers of a restaurant chain and stole credit card information of 5,000 customers, starting a flood of fraudulent purchases around the world.
Theft of Digital Assets
A regional retailer contracted with a third party service provider. A burglar stole two laptops of the service provider containing the data of over 800,000 clients of the retailer. Under applicable notification laws, the retailer – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.
Privacy Breach
An employee of a rehabilitation center improperly disposed of 4,000 client records in violation of the center’s privacy policy. The records contained social security numbers, credit and debit card account numbers, names, addresses, telephone numbers as well as sensitive medical information. The center settled the claim with the state of Massachusetts and agreed to pay fines and penalties imposed by the state as well as extend $890,000 in customer redress funds for credit monitoring on behalf of the victims.
Theft of Digital Assets
A home healthcare organization had backup tapes, laptops and disks containing social security numbers, clinical and demographic information, and in a small number of cases, patient financial data that was stolen. In total, over 365,000 patient records were exposed. The organization settled with the state attorney general, providing patients with free credit monitoring, credit restoration to patients that were victims of identity fraud, and reimbursement to patients for direct losses that resulted from the data breach. The organization was also required to revamp its security policies, implement technical safeguards and conduct random compliance audits.
Human Error
A non-profit community action corporation printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms and send each to its rightful owner. Instead, one person received both copies. The mistake sent tax forms and social security numbers to strangers. Approximately 50% of the landlords who work with the community action corporation received their forms in addition to the private information of the others.
Cyber Extortion Threat
A U.S. based information technology company contracted with an overseas software vendor. The contracted vendor left universal “administrator” defaults installed on the company’s server and a “Hacker for Hire” was paid $20,000 to exploit such vulnerability. The hacker advised if the requested payment was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2,000,000.
Human Error
An employee of a private high school mistakenly distributed via e-mail the names, social security numbers, birthdates and medical information of students and faculty creating a privacy breach. Overall, 1,250 individuals’ information was compromised.
Malicious Code
A juvenile released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18 hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system as well as business interruption expenses which totaled approximately $875,000.
Contact Information
We’re here to help! Please contact us in whatever manner is most convenient for you.
Address
AMBA
4050 114th Street
Urbandale, Iowa 50322
