Advantages
With a change in cyber product, we know your clients will want to know the benefits this powerful product provides. Here are just a few advantages of the standalone product:
Introducing:
A more robust cyber product to help your clients rest easier
Your clients serve in community-focused industries and are at significant risk of experiencing a cyber-attack due to the personal and confidential information they store. We're proud to introduce a standalone, non-admitted cyber product to our new and renewal clients designed to meet the growing threat posed by cyber-attacks in today's world.
This product is provided by an A.M. Best A-Rated carrier and is the first product presented by Glatfelter's new wholesale unit, Glatfelter Brokerage Services (GBS). This product will be available to our current clients, as well as prospective clients who fit our programs' appetite. It is also available for other risk classes that Glatfelter distribution partners control or are prospecting, enabling these brokers to round out accounts and have access to additional quality products and tools, promoting new growth.
- A dedicated cyber limit; limits do not erode Management Liability or GLPL coverage
- Regulatory action coverage included in Security and Privacy Liability
- Includes Network Interruption Coverage
- Access to an external Communications Platform to speak directly with the carrier
Risk Services Advantages
Eligible insureds receive access to critical Cyber Loss Control Services tools, including:
- 24/7 access to cybersecurity best practices checklists and claims data
- One-on-one remote sessions with a cybersecurity and IT expert to identify a client's potential risks
- A dedicated, 24/7 support hotline to report threats and attacks
- Employee Cybersecurity eLearning in more than 30 languages
Upgrade Your Cyber Coverage Today
Already Have Cyber?
Is your client renewing their Glatfelter package policy that had existing cyber coverage and wanting to obtain a standard coverage quote for cyber insurance? Please complete our brief questionnaire.
Get the QuestionnaireLooking to Add Cyber?
Does your client not currently have cyber coverage with Glatfelter and want to purchase a new policy with the standalone product? Please complete our full application.
Get the ApplicationPlease submit all completed Questionnaires and Applications to:
Frequently asked questions
As Glatfelter transitions to a more robust, standalone cyber product, we know that clients will have questions—and we're here to provide you with the information you need to have effective conversations. To best support you, we compiled a list of client FAQs. Please reach out with any additional questions using the contact information below.
This product will be available to current Glatfelter clients, as well as prospective clients who fit our programs' appetite. It is also available for other risk classes that you control or are prospecting as our distribution partner, enabling you to round out accounts and have access to additional quality products and tools, promoting new growth.
The product will be available for policies effective January 1, 2024 and after for clients of Glatfelter Public Entities, Glatfelter Healthcare and Glatfelter Ministry Care.
The current cyber coverage on the policy will expire with the package policy for clients of Glatfelter Public Entities, Glatfelter Healthcare and Glatfelter Ministry Care.
As the cyber market and risks develop, the need for appropriate cyber coverage becomes more and more important. The standalone cyber product is written on a surplus lines basis, allowing flexibility of rate and form and providing more robust coverage, higher limits (including a dedicated cyber limit that does not erode Management Liability or GLPL coverage), and expanded, specialized underwriting and risk management services.
The current cyber coverage endorsement will expire with the client's existing
package policy
and will no longer be offered on Glatfelter Public Entities, Glatfelter Healthcare and Glatfelter Ministry Care accounts.
The premium going forward will be reflective of an organization's risk profile as
well as the full suite of cyber coverage products, including Security & Privacy Liability, Event
Management, Cyber Extortion, and Network Interruption. For more details, please see the product comparison document.
The cyber standalone product utilizes the Specialty Risk Protector 2023®
Forms and
includes:
- General Terms and Conditions
- Security and Privacy Coverage
- Event Management Coverage
- Cyber Extortion Coverage
- Network Interruption Coverage
Your client is not required to purchase cyber coverage in order to retain their package policy; the product is opt-in.
No, the client does not have to have our current cyber endorsement to obtain a
quote.
Clients will be provided with a standard cyber insurance quote based on the
underwriting information currently available. If different coverage, terms or conditions are desired,
additional underwriting information may be required.
The earliest renewal notices will go out as early as October 1, 2023 for January
renewal business in a state that requires a 90-day notice.
Claims will be handled by a dedicated Cyber Claims Team at the carrier.
To start the transitional underwriting process, you will need to submit a questionnaire
or application to our new wholesale group, Glatfelter
Brokerage Services.
Clients will be provided with a standard cyber insurance quote based on the
underwriting information currently available. If different coverage, terms or conditions are desired,
additional underwriting information may be required. Additionally, eligible insureds have access to
expanded Cyber Loss Control Services.
The retail producer will be responsible to collect the necessary declination paperwork for the risk presented by them.
GBS will be able to provide a copy of the state forms needed to collect the required declinations to the local retail producer.
The Cyber Product in Action
Here are two sample scenarios to showcase how a robust cyber product could better protect your clients from today's cybercriminals.
Data Theft
A client’s hospital was notified of a potential HIPAA (Health Insurance Portability and Accountability Act) breach involving the Protected Health Information (PHI) of over 40,000 of their patients. The insurance company acted quickly, contacting the client and retaining breach counsel and a forensic investigator. Based on the findings of this investigation, the insurance company coordinated with the hospital and breach counsel to select specific vendors to help with notifying regulators and patients, and to offer patients access to identity monitoring protection. They established a call center to handle inquiries and registration for this protection both quickly and efficiently. The insurance company reimbursed the hospital $450,000 for Credit Monitoring and ID Theft Insurance, $175,000 in notification and call center costs, $25,000 in forensic costs and $90,000 in legal costs. The policy also covered $500,000 in regulatory fines that the hospital incurred.
Ransomware
A physician’s practice that generated $2,500,000 in revenue was subject to a ransomware attack where a vulnerability in their VPN (Virtual Private Network), which had not yet been patched, was exploited. The attackers were able to access and remove PII (Personal Identifiable Information) and PHI data - approximately 30,000 records in total - before deploying encryption malware across their virtual environment. The cybercriminals initially demanded a ransom of $250,000 in bitcoin for the decryption key in order to prevent a public release of the stolen data. The ransom was negotiated down to $210,000 – which the physician’s office agreed to pay - and they were reimbursed from their insurance coverage. The insurance policy also responded to $75,000 in breach counsel and legal expenses and $90,000 to cover the cost of hiring a forensic investigator to assess the threat and ensure the malware was fully removed.
The High Cost of Cyber Crime
Cybercrime claims costs are rapidly growing as tactics become more sophisticated. Take a look at these examples of just how costly they can be.
HOW MANY PCI RECORDS WERE EXPOSED?
0
HOW MANY PHI RECORDS WERE EXPOSED?
10000
HOW MANY PII RECORDS WERE EXPOSED?
5000
HOW MANY UNIQUE PEOPLE WERE AFFECTED
10000
IS THIS THE ORGANIZATION'S FIRST BREACH?
YES
WAS THE DATA STORED IN A CENTRALIZED SYSTEM/LOCATION?
YES
IS FRAUD EXPECTED?
YES
IS A CLASS ACTION LAWSUIT EXPECTED?
YES
DOES YOUR ORGANIZATION CURRENTLY HAVE DATA BREACH COVERAGE?
NO
INCIDENT INVESTIGATION
FORENSICS INVESTIGATION:
$33,000
SECURITY REMEDIATION:
$102,000
BREACH COACH® LEGAL GUIDANCE:
$38,000
SUBTOTAL:
$173,000
PCI
FINES & PENALTIES:
$0
FRAUD ASSESSMENTS:
$0
CARD REISSUANCE:
$0
SUBTOTAL:
$0
CUSTOMER NOTIFICATION / CRISIS MANAGEMENT
CUSTOMER NOTIFICATION:
$30,000
CALL CENTER:
$750
CREDIT/D MONITORING:
$37,500
PUBLIC RELATIONS:
$36,000
SUBTOTAL:
$104,250
REGULATORY FINES & PENALTIES
STATE AG:
$951,150
HHS:
$1,047,500
OTHER (FTC, SEC, ETC.):
$101,250
SUBTOTAL:
$2,099,900
CLASS ACTION LAWSUIT
DEFENSE:
$208,000
eDISCOVERY:
$132,000
SETTLEMENT/DAMAGES:
$303.000
SUBTOTAL:
$643,000
TOTAL COST:
$3,020,150
PER RECORD COST:
$201
Important Information: The sample costs illustrated above are derived from NetDiligence® Data Breach Cost Calculator estimates and are provided for educational and illustration purposes only. Actual expenses and liability exposures due to identity theft or data breach incident may vary based on variables not considered in this calculator. Numerical results presented in the Data Breach Cost Calculator are based on a proprietary formula developed by NetDiligence and its insurance industry partners. This formula takes into account information available in the public domain and information obtained through various websites that track breach statistics. Please note: This calculator is not intended to predict insurable perils or related costs and has no bearing on any insurance policy. This calculator is not intended to itemize insurable or insured items of loss, nor is it intended to be relied upon for any insurance purchasing decisions including but not limited to any decision on the scope of cover required or the amount of indemnity required under any insurance.