The New Frontier

You are in the middle of a school board meeting, checking your emails during someone else’s presentation, and a board member shares this great new “thing” that he heard about at a recent work conference. Your ears perk up, because you know it falls in your area of responsibility.

That happened to me about two months ago! The “thing” was cyber liability insurance. So I kicked into high gear and started seeking answers to the “five Ws:” what, who, where, when and why.

What Is cyber liability insurance?

A cyber insurance policy may include the following types of coverage:

  • First-party coverage against losses such as data destruction, extortion (the creator of malware demands a ransom in order for the restriction to be removed), theft, hacking and denial of service attacks (a machine or network resource is made unavailable to its intended users).
  • Liability coverage indemnifying companies for losses to others caused by, for example, errors and omissions, failure to safeguard data and defamation.
  • Privacy-breach response services, including post-incident public relations, investigative expenses and criminal reward funds.

Cyber liability insurance has been available for about 10 years, but 2014’s high-profile breaches no doubt have increased the demand by all types of organizations.

Who needs cyber liability insurance?

Target, Home Depot and Staples made national news because breaches in their systems compromised thousands of credit card numbers. Initially, my assumption was that the problem was corporate America’s and school districts were not at risk, since I had heard time and again from our technology department that we had a very strong set of security protocols protecting our network.

Then, I saw a report on 60 Minutes that indicated that 97 percent of all companies are being breached, and the average number of days from the time of the breach to the time of discovery is 229! If 97 pecent of the companies across the nation are being breached, we would be naive to think that we are invulnerable.

Where is cyber insurance needed?

In the United States, 46 of the 50 states have mandatory requirements for data breach notification. Because of those notification requirements, all school districts should be considering at least minimal coverage related to privacy-breach response services. Why? In the event of a data breach, most school districts would have difficulty complying with state and federal notification requirements.

When can cyber insurance add value?

Since insurers are required to pay out cyber losses, they have a strong interest in greater security and their requirements are continually improving. That means your district will improve its security in the long term, which will benefit your students and their families. As your security improves, the cost of coverage will decrease.

The application process for cyber insurance is comprehensive and will bring to light any weaknesses in your cybersecurity system that need to be addressed. In many cases, you will be unable to secure coverage if certain security features do not exist, such as encryption. The application process alone equates to a free, independent security assessment.

Another added value to districts that obtain cyber insurance coverage is the public perception of stronger security. The fact that you have the coverage shows that you take cybersecurity seriously and are being good stewards of your patrons’ information.

Why should a district consider cyber insurance?

District staff members must have electronic access to student information, much of which is protected or confidential. In fact, probably no other type of organization, except a bank or other financial institution, stores more personally identifiable information than a school district. It is not uncommon for a school district to have social security numbers, driver’s license numbers, bank account numbers, and confidential personal medical and health data in their information systems.

But school districts don’t have to worry about data security, because they have protections in place on their networks, right? Wrong! Cybersecurity is a goal, not a destination. Even though great advancements have been made in risk protection techniques over the past decade as a result of hardware, software, and cryptographic methodologies, it is impossible to achieve perfect or even near-perfect security protections. Even the most sophisticated cybersecurity system cannot protect against human error or bad judgment.

— Excerpted from the February 2015 issue of School Business Affairs, published by ASBO International (www.asbointl.org.)

This article originally appeared in the issue of .

About the Author

John Hutchison, CPA, SFO, is chief financial and operations officer for Olathe Public schools, Olathe, Kan.

Featured

  • Spaces4Learning Announces Winners of 2025 Product Awards

    Spaces4Learning has just announced the winners of the 2025 Product Awards! The award program recognizes innovation and excellence in products that enhance learning environments in K–12 schools and institutions of higher education.

  • i-PRO, NovoTrax Partner for New School Emergency Response Solution

    i-PRO Americas, Inc., which manufactures edge computing cameras, recently announced a partnership with NovoTrax, provider of end-to-end life safety and mass notification solutions, to address gaps in emergency response workflows at K–12 schools, according to a news release.

  • AP Construction Breaks Ground on Two Projects for Austin ISD

    Adolfson & Peterson Construction (AP) recently announced that it has broken ground on two renovation projects for the Austin Independent School District, according to a news release. The work at McCallum and Anderson High Schools totals 97,350 square feet and is scheduled for completion in January 2027.

  • cutaway view of a modern school building, showing various rooms and zones

    Layering AI into HVAC Systems Shows Reduction in Carbon Emissions

    Heating and cooling systems are just one of the many new ways that AI can be integrated into schools. According to a new study from Schneider Electric's Sustainability Research Institute, AI-powered HVAC systems in schools can lead to significant carbon emissions savings.

Digital Edition