The New Frontier

You are in the middle of a school board meeting, checking your emails during someone else’s presentation, and a board member shares this great new “thing” that he heard about at a recent work conference. Your ears perk up, because you know it falls in your area of responsibility.

That happened to me about two months ago! The “thing” was cyber liability insurance. So I kicked into high gear and started seeking answers to the “five Ws:” what, who, where, when and why.

What Is cyber liability insurance?

A cyber insurance policy may include the following types of coverage:

  • First-party coverage against losses such as data destruction, extortion (the creator of malware demands a ransom in order for the restriction to be removed), theft, hacking and denial of service attacks (a machine or network resource is made unavailable to its intended users).
  • Liability coverage indemnifying companies for losses to others caused by, for example, errors and omissions, failure to safeguard data and defamation.
  • Privacy-breach response services, including post-incident public relations, investigative expenses and criminal reward funds.

Cyber liability insurance has been available for about 10 years, but 2014’s high-profile breaches no doubt have increased the demand by all types of organizations.

Who needs cyber liability insurance?

Target, Home Depot and Staples made national news because breaches in their systems compromised thousands of credit card numbers. Initially, my assumption was that the problem was corporate America’s and school districts were not at risk, since I had heard time and again from our technology department that we had a very strong set of security protocols protecting our network.

Then, I saw a report on 60 Minutes that indicated that 97 percent of all companies are being breached, and the average number of days from the time of the breach to the time of discovery is 229! If 97 pecent of the companies across the nation are being breached, we would be naive to think that we are invulnerable.

Where is cyber insurance needed?

In the United States, 46 of the 50 states have mandatory requirements for data breach notification. Because of those notification requirements, all school districts should be considering at least minimal coverage related to privacy-breach response services. Why? In the event of a data breach, most school districts would have difficulty complying with state and federal notification requirements.

When can cyber insurance add value?

Since insurers are required to pay out cyber losses, they have a strong interest in greater security and their requirements are continually improving. That means your district will improve its security in the long term, which will benefit your students and their families. As your security improves, the cost of coverage will decrease.

The application process for cyber insurance is comprehensive and will bring to light any weaknesses in your cybersecurity system that need to be addressed. In many cases, you will be unable to secure coverage if certain security features do not exist, such as encryption. The application process alone equates to a free, independent security assessment.

Another added value to districts that obtain cyber insurance coverage is the public perception of stronger security. The fact that you have the coverage shows that you take cybersecurity seriously and are being good stewards of your patrons’ information.

Why should a district consider cyber insurance?

District staff members must have electronic access to student information, much of which is protected or confidential. In fact, probably no other type of organization, except a bank or other financial institution, stores more personally identifiable information than a school district. It is not uncommon for a school district to have social security numbers, driver’s license numbers, bank account numbers, and confidential personal medical and health data in their information systems.

But school districts don’t have to worry about data security, because they have protections in place on their networks, right? Wrong! Cybersecurity is a goal, not a destination. Even though great advancements have been made in risk protection techniques over the past decade as a result of hardware, software, and cryptographic methodologies, it is impossible to achieve perfect or even near-perfect security protections. Even the most sophisticated cybersecurity system cannot protect against human error or bad judgment.

— Excerpted from the February 2015 issue of School Business Affairs, published by ASBO International (www.asbointl.org.)

This article originally appeared in the issue of .

About the Author

John Hutchison, CPA, SFO, is chief financial and operations officer for Olathe Public schools, Olathe, Kan.

Featured

  • Springfield Breaks Ground on $53.7M Pipkin Middle School Rebuild

    Construction is underway on a new, state-of-the-art Pipkin Middle School in Springfield, Mo., a major step in Springfield Public Schools’ (SPS) long-term facility improvement plan, according to local news. The $53.7-million project officially broke ground in early June, following years of planning and community input aimed at modernizing aging infrastructure and addressing student capacity concerns.

  • ProTeam Launches GoFit 6 HEPA Backpack Vacuum

    Technology leader Emerson recently introduced the new ProTeam GoFit 6 HEPA backpack vacuum, according to a news release. The vacuum was designed to capture 99.97% of particulates down to 0.3 microns—including atmospheric hazards like lead dust, mold spores, and other particulates—through an advanced filtration system.

  • California High School Starts Construction on New CTE Building

    Analy High School, part of the West Sonoma County Union High School District (WSCUHSD) in Sebastopol, Calif., recently broke ground on a new Career Technical Education (CTE) Building, according to a news release. The 15,000-square-foot facility will offer specialized facilities for students in engineering, welding, culinary arts, agricultural sciences, and design thinking.

  • modern college building with circuit and brain motifs

    Anthropic Introduces Claude for Education

    Anthropic has launched a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

Digital Edition