The Hartford
Cyber Insurance 101

The Hartford provides an overview of its cyber risk insurance offerings and the importance of such coverage in today’s digital landscape.

Cyber Risk Landscape

The document highlights the growing threat of cyber-attacks, noting:

• A 40% increase in global ransomware attacks over the last year.
• Phishing is responsible for 90% of ransomware attacks.
• The average ransom demand spiked to over $700,000 in Q2 2023, a 126% increase.
• Business email compromise (BEC) losses rose from $1.9B in 2020 to $2.7B in 2022.

CyberChoice Coverage

The Hartford’s CyberChoice policy offers comprehensive protection against cyber risks, including:

• Affirmative cyberterrorism coverage
• Incident response expenses, including voluntary notification
• Third-party service provider coverage
• Pre-claim investigation and prevention assistance
• Worldwide coverage territory

The policy is designed for various industries, including construction, entertainment, financial institutions, higher education, hospitality, manufacturing, retail, transportation, utility and energy, and wholesale distribution.

Value-Added Services

Policyholders gain access to:

• The Hartford Cyber Center: An online risk management portal with cybersecurity resources and employee training.
• 24/7 Cyber Claims Hotline: Guides clients through initial steps after a breach and assists with incident response and recovery.
• CyberChoice First Responders: A panel of professionals with expertise in cyber and breach response.

The Hartford’s Credentials

The Hartford emphasizes its standing in the industry:

• Ranked as the No. 3 Cyber Liability insurer
• Ranked as the No. 2 Professional Liability insurer
• Recognized as a “World’s Most Ethical Company®” 14 times by Ethisphere

Coverage Details

• Primary capacity for risks with revenues up to $500M
• Excess capacity for risks with revenues up to $1B
• Complete first and third-party cyber coverage included in the base form

The Hartford
Cyber Perception

The Hartford, an insurance company with over 200 years of experience, offers comprehensive cyber risk management solutions designed to help clients build resilience and minimize risk in an ever-changing cyber threat landscape. Their approach is characterized by flexibility, specialization, and a strong geographic presence.

Features of The Hartford’s Cyber Coverage

• Flexible Solutions: The Hartford provides standalone cyber coverage and options that blend cyber with Tech Errors & Omissions or Miscellaneous Professional Liability. They also offer excess capacity to meet diverse client needs.
• Broad Appetite: The company has an expansive appetite for cyber risks across various industries, with some exceptions such as in-patient healthcare, public entities, and K-12 education.
• Established Presence: With over 20 years of experience in Tech E&O policies, The Hartford has a well-established presence in the market, addressing a wide array of coverage needs.
• Specialized Expertise: The Hartford boasts experienced cyber underwriters and in-house claims handlers with the authority to manage a range of risks and provide quick turnarounds.

Risk Mitigation and Support

• Cyber Risk Mitigation Services: Insureds receive a network vulnerability scan and consultation access to The Hartford Cyber Center at no additional cost.
• Educational Resources: The Hartford offers a library of marketing materials, thought leadership articles, and webinars to help clients learn how to minimize cyber risk and build effective defense strategies.
• Dedicated Support: A team of dedicated underwriters is available to assist clients with tailored solutions to meet their specific needs.

Market Positioning

The Hartford positions itself as a comprehensive solution provider in the cyber insurance market. They address market needs such as:

1. Offering both cyber and technology coverage
2. Providing a broad appetite for cyber risks
3. Demonstrating a long-standing presence in the market
4. Offering specialized claims and underwriting knowledge
5. Providing cyber risk mitigation services
6. Offering guidance on evolving cyber risks
7. Providing direct access to a dedicated cyber team

By addressing these market needs, The Hartford aims to differentiate itself as a reliable and experienced partner in managing cyber threats for businesses across various industries.

The Hartford
Claims Scenarios: Real Life

The Hartford presents various cybersecurity scenarios and their potential insurance solutions, highlighting the importance of comprehensive cyber risk management for businesses of all sizes.

Scenario 1: Remote Theft at the Check-out
A small business providing point-of-sale terminals faced a breach where criminals accessed a client’s sales terminals using employee credentials. This resulted in customer notifications and an indemnification claim.

Scenario 2: Ransomware Attack
A regional accounting firm experienced a ransomware attack that blocked system access and deleted files. This led to missed tax filing deadlines and reputational damage.

Scenario 3: White Hat Hacker
A small company with an online sales platform was blackmailed by a hacker who discovered a security flaw. The company had to migrate data to a new platform to prevent future incursions.

Scenario 4: HR Imposter
A construction company fell victim to a phishing scam where an impersonator obtained employee W2 forms, necessitating credit and identity monitoring services for affected employees.

Scenario 5: Facebook Invasion
A technician at a laptop repair center accessed a customer’s Facebook account, posting explicit photos. This resulted in a multi-million dollar settlement and an indemnification claim.

Scenario 6: Carpetbaggers
A carpet factory’s employee unknowingly activated cryptowall malware, leading to production halts, data loss, and significant brand damage.

Scenario 7: Deep Freeze
An online travel reservation company experienced a network freeze due to a coding error during system upgrades, resulting in lost revenue and customers.

Scenario 8: Double Trouble
A bank faced a combined DDoS attack and data breach, leading to customer data exposure, regulatory investigations, and a class-action lawsuit.

Insurance Solutions

The Hartford suggests various insurance coverages to address these scenarios, including:

• Data Privacy and Network Security Liability
• Privacy Regulatory Matters
• Incident Response Expenses
• Cyber Extortion Loss
• Network Restoration Expenses
• Business Interruption
• Media Liability
• System Failure for Administrative Error

In Summary

1. Cybersecurity incidents can arise from various sources, including employee errors, malicious attacks, and system failures.

2. Cyber incidents’ financial and reputational impacts can be severe and long-lasting.

3. A comprehensive cyber insurance policy can help mitigate the costs and damages associated with these incidents.

4. Businesses should consider a multi-faceted approach to cyber risk management, including preventive measures and insurance coverage.

The Hartford emphasizes the importance of being prepared for a wide range of cyber threats and having appropriate insurance coverage to protect against potential financial losses and liabilities.

The Hartford
Claims Scenarios: Technology E&O

The Hartford outlines various claim scenarios related to technology professional, media, and cyber risk coverage offered. It demonstrates the need for comprehensive insurance solutions for technology companies, highlighting potential risks and associated expenses.

Claim Scenarios

Scenario 1: Professional Liability – Software Company

• Cause: Negligence/failure to perform
• Situation: Software upgrade causes fare system failure for a transportation authority
• Damages: Lost revenues, extra expenses, reputational harm
• Resolution: Claim expenses over $25,000, settled for $300,000

Scenario 2: Professional Liability – Software Developer

• Cause: Negligence/failure to perform
• Situation: Workforce management software functionality failure
• Damages: Over $700,000 alleged
• Resolution: Claim expenses over $50,000, settled for $250,000

Scenario 3: Intellectual Property Infringement

• Cause: Copyright infringement of software code
• Situation: Competitor alleges product infringement
• Damages: Over $100 million alleged
• Resolution: Claim expenses exceeding $5 million

Scenario 4: Security Breach/Unauthorized Access

• Cause: Failure to prevent disclosure of personally identifiable information
• Situation: Website security elements left disabled after maintenance
• Damages: Lost customers, notification costs, credit monitoring expenses, regulatory proceeding expenses

Scenario 5: Professional Liability – Telecommunications Equipment Manufacturer

• Cause: Negligence
• Situation: Installation problem traced to company’s schematics
• Resolution: Claim expenses $5,000, indemnity $225,000

Takeaways

• The Hartford emphasizes the importance of cybersecurity threat protection for tech companies.
• It showcases The Hartford’s FailSafe® coverage and cyber services portfolio.
• The scenarios cover various types of claims: professional liability, intellectual property infringement, and security breaches.
• Claim resolutions often involve significant expenses and settlements.
• The Hartford offers a range of products and services for technology companies, including the Coverage Analyzer, Cyber Services Portfolio, and Cyber Center.

The Hartford
CyberChoice First Response

The Hartford’s CyberChoice First Response is a comprehensive cyber coverage solution for small businesses. This program offers a seamless process for quoting and binding cyber insurance policies, with the following features:

Program Highlights

• Broad industry appetite, targeting sectors such as Construction, Manufacturing, Professional Services, Retail, and more
• Combined first-party coverage and third-party liability in a single standalone cyber form
  Admitted in most states
• Limits up to $5M, with certain sublimits applying
• Automated limits up to $2M in the Pronto quoting/binding system
• Suitable for businesses with revenues up to $250M
• Auto-renewal eligible, subject to underwriting guidelines

Coverage Overview

Cyber Third-party Liability:

• Defense and Damages
• Data Breach and Privacy Lawsuits
• Network Interruption Lawsuits
• Fines and Penalties
• Data Breach Fines and Proceedings, PCI Fines and Assessments

Cyber First Party:

• Data Breach Response Expense
• Business Interruption Loss and Dependent Business Interruption
• Cyber Extortion, including Ransomware Response and Negotiation

Additional Coverage by Endorsement:

• Cyber Crime, including Funds Transfer Fraud and Social Engineering
• Utility Fraud (Cryptojacking)
• System Failure and Dependent System Failure
• Voluntary Shutdown
• Telecommunications Fraud
• Computer Hardware (Bricking)
• Reputational Harm

Coverage Highlights

• Affirmative Cyberterrorism coverage
• Pre-claim investigation and prevention assistance
• Worldwide coverage territory
• Incident Response Expenses, inclusive of voluntary notification
• Third-party service provider coverage

Additional Program Benefits

• Access to The Hartford Cyber Center
• Complimentary Risk Mitigation Services
• Dedicated Cyber underwriting team
• Specialized Cyber claims counsel and 24/7 cyber incident hotline

The Hartford
Cyberchoice Secure

The Hartford outlines its cyber risk insurance program, which offers comprehensive protection and services for businesses facing cyber incidents. This insurance solution is designed to support business continuity when cyber-related issues occur.

Underwriting Expertise:

The program is backed by experienced underwriters with specialized knowledge in cyber exposures across various industries. This expertise allows for:

• A better understanding of cyber risks faced by businesses
• Offering market-leading coverage tailored to client needs
• Significant authority to handle a wide range of risks
• Quick turnarounds for efficient service

Program Highlights:

• Eligible company categories include construction, entertainment, financial institutions, higher education, hospitality, manufacturing, retail, transportation, utility and energy, and wholesale distribution
• Complete first and third-party cyber coverage included in the base form without additional endorsements
• Primary capacity for risks with revenues up to $500 million
• Excess capacity for risks with revenues up to $1 billion

Coverage Details

The Hartford’s cyber risk insurance offers extensive coverage, including:

• Broad definition of personally identifiable information, both electronic and printed
• Unlimited notification coverage for qualifying companies
• Privacy regulation proceedings and fines coverage at full policy limits
• PCI fines and assessments coverage up to full policy limits
• Rogue employee and third-party service provider coverage
• Business interruption coverage for cyber attacks, system failures, and voluntary shutdowns
• 24-month coverage period for business interruption loss and other first-party cyber coverages
• Cyber deception loss and telecommunication loss coverage
• Optional reputational loss and bricking coverage

Additional Benefits:

• Carve-back to war exclusion for cyber attacks, cyber extortion demands, and privacy breaches
• Affirmative allocation provision with a 70/30 hammer clause
• Settlement for amounts up to 50% of retention without prior consent
• Pre-claim investigation and claim prevention assistance coverage
• Punitive damages coverage where insurable
• Worldwide coverage territory
• Cyber risk mitigation tips and incident response guidance included with the policy

In summary, The Hartford’s cyber risk insurance program offers a comprehensive solution for businesses seeking protection against cyber incidents, with tailored coverage options, experienced underwriting, and specialized support to address the evolving landscape of cyber risks.

The Hartford
Cyber Services Portfolio

The Hartford discusses its comprehensive approach to cyber risk management, based on the NIST Cybersecurity Framework. This approach encompasses five key areas: Identify, Protect, Detect, Respond, and Recover.

Identify Your Risks

The Hartford offers several services to help policyholders identify potential cybersecurity risks:

• BitSight Security Ratings: A complimentary service that measures an organization’s cybersecurity performance using objective, verifiable information.
• Consultation with Data Privacy and Cybersecurity Attorney: A free service to help review and prioritize privacy and cybersecurity strategies.
• Third-Party Vendor Contract Review: A service provided by privacy and cybersecurity legal experts to review potential exposures from third-party vendors, with the first review offered free of charge.

Protect Your Organization

To help policyholders protect their organizations, The Hartford provides:

• KnowBe4 Security Awareness Training: Discounted employee training and phishing tests.
• The Hartford Cyber Center: A free digital portal offering sample policies, research tools, and cyber intelligence.
• Cyber Advisories and Exclusive Webinars: Available to policyholders who register for The Hartford Cyber Center.

Detect Threats

The Hartford offers a 24/7 fully managed threat detection service called Arete and SentinelOne Managed Detection and Response. This service uses AI-driven technology to reduce attack surfaces, identify vulnerabilities, and improve overall enterprise security.

Respond

In the event of a cyber incident, The Hartford provides:

• 24/7 Cyber Claims Hotline: Guides policyholders through initial steps after a breach and helps navigate incident response and recovery processes.
• CyberChoice First Responders: A panel of professionals with expertise in cyber and breach response to assist with the entire incident response process.

Recover from Cybersecurity Incidents

To help businesses recover after a cyber incident, The Hartford offers access to Cyber Extortion and Data Recovery Experts third-party specialists to assist in returning businesses to normal operations.

The Hartford
FailSafe Coverage Analysis

The Hartford an overview of its FailSafe® policy, a comprehensive insurance solution designed for technology businesses to address professional, media, and cyber risks. This policy offers stronger protection and more choices than competing policies in the market.

Coverage Areas:

• Professional Liability for errors and omissions
• First-Party Coverage including:
• Breach Expenses (crisis management, cyber investigation, notification)
• Liability (data privacy regulatory expenses, PCI expenses)
• Extortion (cyber extortion expenses)
• Business Interruption and Data Loss
• Cyber Crime (social engineering, invoice manipulation, cryptojacking)

Additional Benefits:

Access to The Hartford Cyber Center, providing preventive and responsive services
24/7 claims hotline staffed by experienced technology and cyber claims team

The Hartford Cyber Center

The Cyber Services Portfolio helps organizations:

• Identify risks
• Protect the organization
• Detect threats
• Respond correctly
• Recover from cybersecurity incidents

Comparison with Other Carriers

The Hartford includes a checklist for comparing FailSafe with other carriers’ programs, covering various aspects of wrongful acts and first-party coverage. This allows potential clients to evaluate FailSafe’s comprehensiveness against competitors.

About The Hartford

• Over 200 years of experience helping businesses
• Claims service rated 4.7 out of 5 stars
• Named among the World’s Most Ethical Companies® 13 times by the Ethisphere Institute

Product Details

• Various property and casualty insurance company subsidiaries of The Hartford Financial Services Group, Inc. may underwrite coverage.
• Availability may vary by state and business type
• The document provides information as of December 2022

The Hartford’s FailSafe policy offers a comprehensive solution for technology businesses, addressing a wide range of professional, media, and cyber risks with flexible coverage options and additional services to support risk management and incident response.