1. Cyber Exposures: Risks
Well-Suited for Captive
Insurers
Jean Lamfers, Esq.
Author of Cyber Insurance Policies, Consultant to
National & International Insurers and Partner
with the Law Firm of
Lamfers, Sheehan & Ozegovic, LLC
WeSimplifyLaw.com and Lsolaw.com
913-962-8200
2. Why Is Cyber Exposure a
Concern for My Business?
Because virtually all businesses access or
store confidential information.
Because employees and independent
contractors DO make mistakes in how
they handle private information.
Because the employer is responsible for
the acts of their employees.
Because federal and state laws, in
response to constituents’ demands, have
evolved into essentially “strict liability”
for privacy breaches.
3. Examples of Common, Recent
Incidents
Theft of Mobile Devices
◦ A county-owned laptop was stolen from a
Las Vegas hotel room with 35,000 county
residents’ personal information
◦ Info came from Dept of Motor Vehicles
included social security numbers & drivers’
license numbers
◦ The good news: The device was password
protected.
◦ The bad news: Regardless of password
protection, the county had to notify
potentially affected residents and take other
remedial actions.
4. Examples of Common, Recent
Incidents
Security Companies Are Breached
◦ RSA, known for their patented, second-layer
password protection system, was secretly
sabotaged for an extended time period
◦ The system uses keychain fobs, which
receive & display numerical sequences
updated approx. every 60 seconds
◦ Users enter the displayed sequence from the
fob within a given time as a secondary
password protection to access their
company’s computers remotely
◦ The system was in use by many high-
security industries and the government
5. Examples of Common, Recent
Incidents
Paper Data Breaches Are Common
◦ A billing service for 4 hospitals in MA
improperly “recycled” 3 years of patient
records at a recycling transfer station
◦ A newspaper employee witnessed the
“disposal” and retrieved samples
◦ The result: a public relations nightmare and
overwhelming notification/audit process
6. Examples of Common, Recent
Incidents
Rogue Employees
◦ During an investigation of an employee’s
own residential burglary, police found more
than they expected
◦ A Thomson CompuMark Data employee was
implicated after police collected info
suggesting the employee had removed paper
records with customer payment card info
from his employer
◦ These types of incidents occur with hair-
raising frequency in the restaurant, hotel,
retail and nearly-every, consumer-related
industry.
7. Costs and Outcomes Can Be
Extraordinary
Florida Attorney General settled with a check
services company for $850,000 for its investigative
costs and attorney’s fees plus $125,000 contribution
to an educational crime prevention program. A
former employee stole the personal data. (He’s
serving nearly 5 years in federal prison.)
State and federal regulators are using high profile
incidents with sizeable awards or settlements as
examples to spur prevention and curb knowing
violations.
8. What Does Cyber Insurance
Cover?
Damages claims by third parties
for network security breaches
Costs incurred to notify persons
impacted by a data breach
Regulatory fines imposed by
governments
Costs to restore data lost or
compromised
Investigation costs for computer
forensic analysis
9. What Does Cyber Insurance
Cover?
Crisis management costs--public
relations and damage control
Coverage for losses to or caused
by data that’s maintained by a
third party on your company’s
behalf
Coverage for “gaps” in typical
general liability policies for
claims arising out of the creation
and distribution of content on
websites, blogs, or social media
10. Why Choose a Captive for
Cyber Risks?
Captives can deliver cyber insurance
uniquely tailored for your business.
You and your program developer
decide what risks to insure.
Risk management and risk audits can
improve your bottom line.
Top-Down implementation is more
successful, which the captive structure
inherently encourages.
11. The Law Firm of Lamfers,
Sheehan & Ozegovic, LLC
Relevant experience writing cyber insurance and
errors and omissions insurance policies for well-
known companies
Extensive claims management experience in niche
markets of technology, media, cyber and privacy
Ability to deliver risk management and ongoing
product support without the large firm overhead.
Insurance industry contacts for successful
placement of any requisite reinsurance.
12. Cyber Exposures: Risks
Well-Suited for Captive
Insurers
Jean Lamfers, Esq.
Author of Cyber Insurance Policies, Consultant to
National & International Insurers and Partner
with the Law Firm of
Lamfers, Sheehan & Ozegovic, LLC
6333 Long Avenue, Suite 102
Shawnee, Kansas 66216
WeSimplifyLaw.com and Lsolaw.com
913-962-8200
jl@lamferslaw.com