Add as a preferred source on Google

The New Frontier

You are in the middle of a school board meeting, checking your emails during someone else’s presentation, and a board member shares this great new “thing” that he heard about at a recent work conference. Your ears perk up, because you know it falls in your area of responsibility.

That happened to me about two months ago! The “thing” was cyber liability insurance. So I kicked into high gear and started seeking answers to the “five Ws:” what, who, where, when and why.

What Is cyber liability insurance?

A cyber insurance policy may include the following types of coverage:

  • First-party coverage against losses such as data destruction, extortion (the creator of malware demands a ransom in order for the restriction to be removed), theft, hacking and denial of service attacks (a machine or network resource is made unavailable to its intended users).
  • Liability coverage indemnifying companies for losses to others caused by, for example, errors and omissions, failure to safeguard data and defamation.
  • Privacy-breach response services, including post-incident public relations, investigative expenses and criminal reward funds.

Cyber liability insurance has been available for about 10 years, but 2014’s high-profile breaches no doubt have increased the demand by all types of organizations.

Who needs cyber liability insurance?

Target, Home Depot and Staples made national news because breaches in their systems compromised thousands of credit card numbers. Initially, my assumption was that the problem was corporate America’s and school districts were not at risk, since I had heard time and again from our technology department that we had a very strong set of security protocols protecting our network.

Then, I saw a report on 60 Minutes that indicated that 97 percent of all companies are being breached, and the average number of days from the time of the breach to the time of discovery is 229! If 97 pecent of the companies across the nation are being breached, we would be naive to think that we are invulnerable.

Where is cyber insurance needed?

In the United States, 46 of the 50 states have mandatory requirements for data breach notification. Because of those notification requirements, all school districts should be considering at least minimal coverage related to privacy-breach response services. Why? In the event of a data breach, most school districts would have difficulty complying with state and federal notification requirements.

When can cyber insurance add value?

Since insurers are required to pay out cyber losses, they have a strong interest in greater security and their requirements are continually improving. That means your district will improve its security in the long term, which will benefit your students and their families. As your security improves, the cost of coverage will decrease.

The application process for cyber insurance is comprehensive and will bring to light any weaknesses in your cybersecurity system that need to be addressed. In many cases, you will be unable to secure coverage if certain security features do not exist, such as encryption. The application process alone equates to a free, independent security assessment.

Another added value to districts that obtain cyber insurance coverage is the public perception of stronger security. The fact that you have the coverage shows that you take cybersecurity seriously and are being good stewards of your patrons’ information.

Why should a district consider cyber insurance?

District staff members must have electronic access to student information, much of which is protected or confidential. In fact, probably no other type of organization, except a bank or other financial institution, stores more personally identifiable information than a school district. It is not uncommon for a school district to have social security numbers, driver’s license numbers, bank account numbers, and confidential personal medical and health data in their information systems.

But school districts don’t have to worry about data security, because they have protections in place on their networks, right? Wrong! Cybersecurity is a goal, not a destination. Even though great advancements have been made in risk protection techniques over the past decade as a result of hardware, software, and cryptographic methodologies, it is impossible to achieve perfect or even near-perfect security protections. Even the most sophisticated cybersecurity system cannot protect against human error or bad judgment.

— Excerpted from the February 2015 issue of School Business Affairs, published by ASBO International (www.asbointl.org.)

This article originally appeared in the issue of .

About the Author

John Hutchison, CPA, SFO, is chief financial and operations officer for Olathe Public schools, Olathe, Kan.

Featured

  • Pittsburgh High School Upgrades Athletics Facilities’ Technology

    Plum Senior High School in Pittsburgh, Penn., recently partnered with South-Dakota-based Daktronics through the We’re All Mustangs Here Foundation to upgrade the technology in its athletics facilities, according to a news release. Daktronics designed, built, and installed new LED video displays and finished the project in time for the beginning of the 2025 high-school football season.

  • Florida SouthWestern State College, Skanska Partner for Humanities Hall Renovation

    Florida SouthWestern State College (FSW) in Fort Myers, Fla., recently announced that it is partnering with construction firm Skanska to renovate the school’s Humanities Hall, according to a news release.

  • Creating Long-Term Sustainability on College Campuses Through Fair Student Housing

    The quality of student housing can have a significant impact on an individual’s college experience. Today’s higher education institutions face mounting challenges, including declining enrollment, low retention rates between the first and second years, and a rise in student mental health concerns. Thoughtfully designed living spaces can help address these issues by creating environments that promote both academic focus and personal well-being.

  • Empowering People Through Smart, Sustainable Campuses

    Sustainability is facing increasing scrutiny, with some questioning its costs and priorities. Yet for universities, it remains an essential driver of resilience, operational efficiency and long-term competitiveness. At the same time, there is a growing recognition that sustainable transformation is not just about reducing energy consumption and emissions to comply with tightening regulations ‒ it’s about creating vibrant, comfortable environments where people can thrive, innovate and connect. For university leadership, this is a complex balancing act, with rising energy costs and limited budgets only adding to the challenge.

Digital Edition