Cybersecurity and privacy

Cybersecurity is on the mind of every business executive, whether the company is large, mid-sized or small. Data and intellectual property, as well as business processes supported by IT, may be your company’s most valuable assets. Protecting those assets from a cyberthreat requires a seamless integration of cybersecurity strategy and risk transfer. Zurich’s cyber specialists are ready to deliver industry-leading solutions that help address your cyber risk management needs. We are committed to helping you safeguard your company’s information assets.


Why Zurich?

Zurich has been providing comprehensive insurance solutions around the globe for more than 140 years. Zurich insures more than 90% of Fortune 500 companies and provides comprehensive solutions and insights for 25 industries. We also continue to maintain strong financial ratings.

In addition to knowledgeable cybersecurity and privacy professionals, Zurich’s Risk Services team is dedicated to cyber-related issues and produces predictive analytics in collaboration with our Claims team and underwriters. When Zurich professionals apply these insights to your company, the wide range of cyber risk and privacy issues can be addressed.

Through our strategic relationships, qualified Zurich customers have access to breach coaching and employee training programs. These services can help build awareness to ensure compliance with local regulations.

cybersecurity server room

Cybersecurity and privacy solutions

Zurich Cyber Insurance Policy

Zurich’s Cyber Insurance Policy offers a convenient, unified solution with coverages and features that can be customized to meet the specialized needs of mid-sized and large corporate customers. The program brings together features often attached to other commercial policies as individual endorsements with coverage limits up to US$25 million.


Key coverages


Liability coverages include:

  • Security and Privacy Liability
  • Regulatory proceedings defense costs
  • Civil fines and penalties associated with Payment Card Industry (PCI) and General Data Protection Regulation (GDPR)
  • Media liability coverage

Non-liability coverages include:

  • Privacy breach costs, including:
    • Forensic investigation expenses
    • Legal and public relations expenses
    • Credit and identity monitoring costs
    • Identity restorations and identity theft insurance costs 
    • Call centre costs
  • Business income loss, dependent business income loss (i.e., loss insured incurs due to a vendor’s network security event) and extra expense
  • Cyber extortion threats and reward payments
  • Digital asset replacement expenses
  • Cyber extortion threats and reward payments
  • System failures and dependent system failures
  • Reputational damages
  • Social Engineering Funds Transfer Fraud
  • Claims Avoidance coverage
Zurich Cyber Insurance Policy brochure

Cyber Risk Services

Zurich’s team of skilled Cyber Risk Specialists offers insights and guidance for customers seeking to better understand, manage and mitigate their cyber risk. Our team has a wide range of security experience as both practitioners and consultants in such industries as retail/wholesale, banking, insurance, professional services and the military. Our recommendations can be used by your information security team to help make your company’s computing environment and business more secure and resilient against cyberattacks.

Effective and robust cybersecurity requires an information security management system (ISMS) built on three pillars: people, process and technology.

People

A sampling of our people services includes:

  • Board of directors and C-suite education
  • User awareness training addressing the following:
    • Phishing
    • Social engineering
    • Password standards and management
    • Business email compromise
  • Security team training
  • Hiring practice security guidelines
  • Access management
    • Users
    • Vendors
    • Privileged users
    • Remote users


Process

We can assist in the development of processes, including:

  • Cybersecurity strategy
  • Capability roadmap
  • Policies and procedures
    • Acceptable use
    • Asset management
      • Vulnerability management
      • Patch management
    • Risk assessment
    • Vendor management
    • Incident response
    • Disaster recovery
  • Management metrics for cybersecurity


Technology

Some of our recommendations may involve specialized technology solutions available through established referral arrangements with leading security vendors and consultants. These firms can provide products and services to Zurich customers at a reduced cost.

Cyber Risk Services fact sheet

For more information, contact:

Risk Services
(416) 586 2740
riskservices@zurich.com

Network security monitoring

At Zurich, we are happy to offer our Zurich Cyber Insurance Policy policyholders services that go beyond risk transfer. These include risk services consultation and the opportunity to incorporate the starter level of the ZenOpz network security monitoring and vulnerability management services into your cybersecurity program.

What Is ZenOpz?

ZenOpz, LLC is not a Zurich affiliate. ZenOpz is a third-party managed security services provider (MSSP) that provides organizations with access to information security processes, procedures and technologies designed to help manage their cyber risks. Specific ZenOpz services are available to you as part of your Zurich Cyber Insurance Policy, including some of the following:

  • Continuous monitoring and vulnerability management of up to 50 networked devices at no additional cost
  • Customized alerts notifying you of detected security incidents
  • An initial 360-degree review, providing you with a holistic view of your overall data security program

The ZenOpz approach is founded on technologies, processes, capabilities and information security experience used in managing global enterprises.

Information about the security of the devices being monitored that is collected by ZenOpz will only be shared with Zurich with your explicit consent. You will have the opportunity to provide or withhold your consent to share the information with Zurich during the account creation process. If you consent, Zurich will use the information solely for the purpose of driving improvements in its cybersecurity underwriting processes and will not share the information with any other party except with its affiliates, as defined under the Business Corporations Act (Ontario). For further information on our privacy commitment please refer to our Privacy Policy.

ZenOpZ Fact Sheet
*

Data breach response resources

Following a breach, obtaining a technical and legal provider with the proper experience is important. Zurich offers its qualified customers a complimentary half-hour consultation with an experienced cyber-breach coach.

In addition, Zurich qualified customers can have access to a privacy lawyer to help them assess whether or not a computer forensics investigation is needed, or whether breach notifications are required. You may wish to contact the following approved third-party providers* to assist you in the event of a breach:

Data breach coaches: Dolden Wallace Folick, LLP 

Data breach response services:

  • AllClear ID: Available services include notification and call centre, and credit/identity monitoring/fraud remediation
  • ID experts: Available services include forensic investigation and notification and call centre
  • NPC’s Immersion Data Breach Response: Available services include notification and call centre
  • Kroll, Inc.: Available services include forensic investigation, notification and call centre, and credit/identity monitoring/fraud remediation
*The third-party service providers are not subsidiaries or affiliates of Zurich and use of their products and services are independent of, and not included within, any of Zurich’s products or services. Zurich does not guarantee the effectiveness or any results of any of the services provided by the third-party service providers. Zurich does not assume any liability and expressly disclaims any and all damages and other costs that may arise related to the use of or reliance upon the products, services, representations or warranties made by or on behalf of the third-party service providers.