Cyber security and privacy

Zurich’s Cyber Insurance Policy offers a convenient, unified solution with coverages and features that can be customized to meet the specialized needs of mid-sized and large corporate customers. The program brings together features often attached to other commercial policies as individual endorsements with coverage limits up to US million.

Key coverages

• Security and Privacy Liability
• Regulatory proceedings defense costs
• Civil fines and penalties associated with Payment Card Industry (PCI) and General Data Protection Regulation (GDPR)
• Media liability coverage

• Privacy breach costs, including:
  • Forensic investigation expenses
  • Legal and public relations expenses
  • Credit and identity monitoring costs
  • Identity restorations and identity theft insurance costs 
  • Call centre costs
• Business income loss, dependent business income loss (i.e., loss insured incurs due to a vendor’s network security event) and extra expense
• Cyber extortion threats and reward payments
• Digital asset replacement expenses
• Cyber extortion threats and reward payments
• System failures and dependent system failures
• Reputational damages
• Social Engineering Funds Transfer Fraud
• Claims Avoidance coverage

Zurich's team of skilled Cyber Risk Specialists offers insights and guidance for customers seeking to better understand, manage and mitigate their cyber risk. Our team has a wide range of security experience as both practitioners and consultants in such industries as retail/wholesale, banking, insurance, professional services and the military. Our recommendations can be used by your information security team to help make your company’s computing environment and business more secure and resilient against cyber attacks.

Effective and robust cyber security requires an information security management system (ISMS) built on three pillars: people, process and technology.

A sampling of our people services includes:

• Board of directors and C-suite education
• User awareness training addressing the following:
  • Phishing
  • Social engineering
  • Password standards and management
  • Business email compromise
• Security team training
• Hiring practice security guidelines
• Access management
  • Users
  • Vendors
  • Privileged users
  • Remote users

We can assist in the development of processes, including:

• Cyber security strategy
• Capability roadmap
• Policies and procedures
  • Acceptable use
  • Asset management
    • Vulnerability management
    • Patch management
  • Risk assessment
  • Vendor management
  • Incident response
  • Disaster recovery
• Management metrics for cyber security

Some of our recommendations may involve specialized technology solutions available through established referral arrangements with leading security vendors and consultants. These firms can provide products and services to Zurich customers at a reduced cost.

Following a breach, obtaining a technical and legal provider with the proper experience is important. Zurich offers its qualified customers a complimentary half-hour consultation with an experienced cyber-breach coach.

In addition, Zurich qualified customers can have access to a privacy lawyer to help them assess whether or not a computer forensics investigation is needed, or whether breach notifications are required. You may wish to contact the following approved third-party providers* to assist you in the event of a breach:

Data breach coaches: Dolden Wallace Folick, LLP

Data breach response services:

• AllClear ID: Available services include notification and call centre, and credit/identity monitoring/fraud remediation
• ID experts:: Available services include forensic investigation and notification and call centre
• NPC's Immersion Data Breach Response: Available services include notification and call centre
• Kroll, Inc.: Available services include forensic investigation, notification and call centre, and credit/identity monitoring/fraud remediation