Get A Quote
In today’s technology marketplace, change happens rapidly, and it happens on more of a global scale than ever before. To protect your company, you need insurance that is customized especially for technology companies like your own.

The insurance policies offered by Keystar Insurance respond globally, and to claims brought electronically – including the internet – something most standard policies will not.

Coverages available to technology companies:

  • Technology Errors & Omissions
  • Cyber Liability
  • General Liability (for tech companies)
  • Intellectual Property
  • Excess Liability
  • Property / Marine
  • Automobile
  • Workers Compensation
  • Employment Practice Liability
  • Directors & Officers Liability
  • Workplace Violence

Eligible Technology Industries (though not limited to):

  • ISP/ASP Providers
  • LAN Administrators
  • Technology Consultants
  • Web Designers
  • Local Exchange Providers
  • VoIP Providers
  • Hardware and Software Providers
  • Tech Manufacturing Companies (including Med Tech)
  • Optic
q

Unauthorized Access

 
Read Scenario
An international computer hacking group gained access electronically to the computerized cash registers of a restaurant chain and stole credit card information of 5,000 customers, starting a flood of fraudulent purchases around the world.

Human Error

 
Read Scenario
A non-profit community action corporation printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms and send each to its rightful owner. Instead, one person received both copies. The mistake sent tax forms
and social security numbers to strangers. Approximately 50% of the landlords who work with the community action corporation received their forms in addition to the private information of the others.

Theft of Digital Assets

 
Read Scenario
A regional retailer contracted with a third party service provider. A burglar stole two laptops from the service provider containing the data of over 800,000 clients of the retailer. Under applicable notification laws, the retailer – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5M.

Cyber Extortion Threat

 
Read Scenario
A U.S. based information technology company contracted with an overseas software vendor. The contracted vendor left universal “administrator” defaults installed on the company’s server and a “Hacker for Hire” was paid $20,000 to exploit
such vulnerability. The hacker advised if the requested payment
was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2M.

Privacy Breach

 
Read Scenario
An employee of a rehabilitation center improperly disposed of 4,000 client records in violation of the center’s privacy policy. The records contained social security numbers, credit and debit card account  numbers, names, addresses, telephone numbers, as well as sensitive medical information. The center settled the claim with the state of Massachusetts and agreed to pay
fines and penalties imposed by the state as well as extend $890,000 in customer redress funds for credit monitoring on behalf of the victims.

Malicious Code

 
Read Scenario
A juvenile released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18 hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system as well as business interruption expenses which totaled approximately $875,000.
q

Unauthorized Access

 
Read Scenario
An international computer hacking group gained access electronically to the computerized cash registers of a restaurant chain and stole credit card information of 5,000 customers, starting a flood of fraudulent purchases around the world.

Human Error

 
Read Scenario
A non-profit community action corporation printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms and send each to its rightful owner. Instead, one person received both copies. The mistake sent tax forms
and social security numbers to strangers. Approximately 50% of the landlords who work with the community action corporation received their forms in addition to the private information of the others.

Theft of Digital Assets

 
Read Scenario
A regional retailer contracted with a third party service provider. A burglar stole two laptops from the service provider containing the data of over 800,000 clients of the retailer. Under applicable notification laws, the retailer – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5M.

Cyber Extortion Threat

 
Read Scenario
A U.S. based information technology company contracted with an overseas software vendor. The contracted vendor left universal “administrator” defaults installed on the company’s server and a “Hacker for Hire” was paid $20,000 to exploit
such vulnerability. The hacker advised if the requested payment
was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2M.

Privacy Breach

 
Read Scenario
An employee of a rehabilitation center improperly disposed of 4,000 client records in violation of the center’s privacy policy. The records contained social security numbers, credit and debit card account  numbers, names, addresses, telephone numbers, as well as sensitive medical information. The center settled the claim with the state of Massachusetts and agreed to pay
fines and penalties imposed by the state as well as extend $890,000 in customer redress funds for credit monitoring on behalf of the victims.

Malicious Code

 
Read Scenario
A juvenile released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18 hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system as well as business interruption expenses which totaled approximately $875,000.
What is Cyber Insurance?
Cyber insurance generally covers your business’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.
What does Cyber Insurance cover?
Besides legal fees and expenses, cyber insurance typically helps with:

  • Notifying customers about a data breach
  • Restoring personal identities of affected customers
  • Recovering compromised data
  • Repairing damaged computer systems

Most states require companies to notify customers of a data breach involving personally identifiable information – a process that can be very expensive. And even though most states don’t require companies to offer free credit monitoring following a breach, such a gesture goes a long way with public relations.

What is a data owner?
Data ownership is the act of having legal rights and complete control over a single piece or set of data elements. It
defines and provides information about the rightful owner of data assets and the acquisition, use and distribution policy
implemented by the data owner. Employers have at least some of the above information on all of their employees.
What kind of information is at risk?
Consumer Information
• Credit Cards, Debit Cards, and other payment information
• Social Security Numbers, ITIN’s, and other taxpayer records
• Customer Transaction Information, like order history, account numbers, etc.
• Protected Healthcare Information (PHI), including medical records, test results, appointment history
• Personally Identifiable Information (PII), like Drivers License and Passport details
• Financial information, like account balances, loan history, and credit reports
• Non-PII, like email addresses, phone lists, and home address that may not be independently sensitive, but may be more
sensitive with one or more of the above

Employee Information
• Employers have at least some of the above information on all of their employees

Business Partners
• Vendors and business partners may provide some of the above information, particularly for Sub-contractors and
Independent Contractors
• All of the above types of information may also be received from commercial clients as a part of commercial transactions or
services
• In addition, B2B exposures like projections, forecasts, M&A activity, and trade secrets

What is a data breach?
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
Who is at risk?
Breaches are not just for the Fortune 500 companies anymore. The majority (87%) of claims are for organizations with revenues less than $2B.
What is the average cost?
The average cost of a data breach is $204 per lost record, with more than half of such costs attributable to lost customers and the associated public relations expenses to rebuild an organization’s reputation.
Won’t my general liability policy cover cyber liability?
General liability insurance covers bodily injuries and property damage resulting from your products, services or operations. Cyber insurance is often excluded from a general liability policy.
Who needs Cyber Insurance?
Attacks against all business are increasing. Small businesses tend to think they are safely tucked away from exposure, but Symantec found that over 30 percent of phishing attacks in 2015 were launched against organizations with less than 250 employees. Symantec’s 2016 Internet Security Threat Report indicated that 43 percent of all attacks in 2015 were targeted at small businesses. On a larger scale, the Centre for Strategic and International Studies in 2014 estimated annual costs to the global economy from cyber crime was between $375 billion and $575 billion. Although sources differ, the average cost of a data breach incident to large companies is over $3 million. Each organization has to decide if they can risk that amount of money, or if cyber insurance is necessary to defray the costs for what very well may occur.
Cyber Insurance facts.
Did you know that 55% of small businesses have experienced a data breach and that 53% have had multiple breaches?

A data breach can damage more than just your small-business computer system – it also can damage your reputation and put your customers and/or employees at risk. That’s why cyber insurance can be a smart precaution for any size business.

You understand the value of protecting your business. Business safety and loss control are necessary components of a complete business plan. That’s why planning, prevention and a safety-first attitude is also good for your business.

The U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.

Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates.

Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate. They steal information to rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; and, commit health insurance or Medicare fraud.

The U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.

Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates.

Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate. They steal information to rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; and, commit health insurance or Medicare fraud.

So what can you do besides pray?

 

Basic training can stop a majority of low-level threats. But, coaching your employees on data protection is not enough. Business owners must establish data security protocols, policies, practices and procedure that every employee takes seriously.

 

Z

Create a business continuity and incident response plan.

This will be put into effect immediately once you know your systems have been compromised.
Z

Keep security software current.

Having the latest security software, web browser and operating systems are the best defenses against viruses, malware and other online threats.
Z

When in doubt, delete it.

Links in e-mails, tweets, posts and online advertising are often how cybercriminals try to steal information. Even if you know the source, if something looks suspicious, delete it.
Z

Protect all devices that connect to the Internet.

Along with computers, smartphones, tablets, and other web-enabled devices need to be protected from viruses and malware.
Z

Plug and scan.

USBs and other external devices can be infected by viruses and malware.  Use your security software to scan them.
Z

Consider cyber insurance.

While premiums continue to rise, the cost of the insurance will look small in comparison to the cost of experts and consultants to restore your systems — or the cost going out of business.
Z

Expand beyond IT.

Don’t delegate cyber-crime prevention solely to your IT department and tell them “get on with it.” Embed these practices across all areas of your business.
Z

Encrypt your most sensitive files.

Encrypting data is a process of converting data into a form, where it becomes unintelligible to any person without access to a key/password to decrypt the data.
Encryption may be hardware or software based. Hardware encryption and decryption processes are executed by a dedicated processor on the hardware encrypted device. In software encryption, the resources of the device on which the software is installed are used to encrypt and decrypt the data.

Websites hacked. Corporate data leaked. Identities stolen. The threats are real and growing.  Small business owners have to assume they will be victims of cybercriminals since 75 percent of all organizations have experienced a data/cyber security breach in the past 12 months and 82 percent of all Social Security numbers have been hacked more than once. Cybercrime is now the world’s largest business running in the trillions of dollars.  So far the “bad guys” are winning.

So what can you do besides pray?

 

Basic training can stop a majority of low-level threats. But, coaching your employees on data protection is not enough. Business owners must establish data security protocols, policies, practices and procedure that every employee takes seriously.

 

Z

Create a business continuity and incident response plan.

This will be put into effect immediately once you know your systems have been compromised.
Z

Keep security software current.

Having the latest security software, web browser and operating systems are the best defenses against viruses, malware and other online threats.
Z

When in doubt, delete it.

Links in e-mails, tweets, posts and online advertising are often how cybercriminals try to steal information. Even if you know the source, if something looks suspicious, delete it.
Z

Protect all devices that connect to the Internet.

Along with computers, smartphones, tablets, and other web-enabled devices need to be protected from viruses and malware.
Z

Plug and scan.

USBs and other external devices can be infected by viruses and malware.  Use your security software to scan them.
Z

Consider cyber insurance.

While premiums continue to rise, the cost of the insurance will look small in comparison to the cost of experts and consultants to restore your systems — or the cost going out of business.
Z

Expand beyond IT.

Don’t delegate cyber-crime prevention solely to your IT department and tell them “get on with it.” Embed these practices across all areas of your business.
Z

Encrypt your most sensitive files.

Encrypting data is a process of converting data into a form, where it becomes unintelligible to any person without access to a key/password to decrypt the data.

Encryption may be hardware or software based. Hardware encryption and decryption processes are executed by a dedicated processor on the hardware encrypted device. In software encryption, the resources of the device on which the software is installed are used to encrypt and decrypt the data.

Websites hacked. Corporate data leaked. Identities stolen. The threats are real and growing.  Small business owners have to assume they will be victims of cybercriminals since 75 percent of all organizations have experienced a data/cyber security breach in the past 12 months and 82 percent of all Social Security numbers have been hacked more than once. Cybercrime is now the world’s largest business running in the trillions of dollars.  So far the “bad guys” are winning.

R

Network Security Liability

 
Learn More
Liability to a 3rd party as a result of a failure of company’s network security to protect against destruction, deletion or corruption of a 3rd party’s electronic data, denial of service attacks against Internet sites or
computers; or transmission of viruses to third party computers and systems.
R

Identity Theft Response Fund

 
Learn More
Expenses to comply with privacy regulations, such as communication to and credit monitoring services for affected customers. This also includes expenses incurred in retaining a public relations firm for the purpose of protecting/restoring company’s reputation as a result of the actual or alleged violation of privacy regulations.
R

Cyber Extortion

 
Learn More
Ransom or investigative expenses associated a threat directed at the company to release, divulge, disseminate, destroy, steal, or
use the confidential information taken from the Insured, introduce malicious code into the company’s computer system; corrupt, damage or destroy company’s computer system, or restrict or hinder access to the company’s computer system.
R

Privacy Liability

 
Learn More
Liability to a 3rd party as a result of company’s failure to properly handle, manage, store or otherwise control personally identifiable information,
corporate information identified a confidential and protected under a nondisclosure agreement and unintentional violation of privacy regulations.
R

Network Business Interruption

 
Learn More
Reimbursement of the company’s own loss of income or extra expense resulting from an interruption or
suspension of its systems due to a failure of network security to prevent a security breach.
R

Social Engineering Fraud

 
Learn More
An insured seeking to cover the risk of loss from social engineering
should consider insurance coverage tailored to address these risks.

Insurers are now offering the option of purchasing a sub-limit for social engineering fraud coverage as an add on to an insured’s existing crime insurance policy subject to an
additional premium.

More insurers are currently sub-limiting coverage for this exposure to
a maximum limit of $250,000 and subject to a deductible.

Some insurers may also have restrictions in their coverage as it relates to covered claims for this exposure (ie. supplier/customer verification requirements).

R

Regulatory

 
Learn More
Defense expenses and civil fines or penalties paid to a governmental
entity in connection with an investigative demand or civil proceeding regarding actual or alleged violation of privacy laws.
R

Data Asset Protection

 
Learn More
Recovery of the company’s costs and expenses incurred to restore, recreate or regain access to any software or electronic data from back-ups or from originals or to gather, assemble and recreate such software or electronic data from other sources to the level or condition in which it existed immediately prior to its alteration, corruption, destruction, deletion or damage.
R

Public Relations

 
Learn More
Costs associated with restoring a business’ image within the community based on the impact of a data breach.
R

Network Security Liability

 
Learn More
Liability to a 3rd party as a result of a failure of company’s network security to protect against destruction, deletion or corruption of a 3rd party’s electronic data, denial of service attacks against Internet sites or
computers; or transmission of viruses to third party computers and systems.
R

Identity Theft Response Fund

 
Learn More
Expenses to comply with privacy regulations, such as communication to and credit monitoring services for affected customers. This also includes expenses incurred in retaining a public relations firm for the purpose of protecting/restoring company’s reputation as a result of the actual or alleged violation of privacy regulations.
R

Cyber Extortion

 
Learn More
Ransom or investigative expenses associated a threat directed at the company to release, divulge, disseminate, destroy, steal, or
use the confidential information taken from the Insured, introduce malicious code into the company’s computer system; corrupt, damage or destroy company’s computer system, or restrict or hinder access to the company’s computer system.
R

Privacy Liability

 
Learn More
Liability to a 3rd party as a result of company’s failure to properly handle, manage, store or otherwise control personally identifiable information,
corporate information identified a confidential and protected under a nondisclosure agreement and unintentional violation of privacy regulations.
R

Network Business Interruption

 
Learn More
Reimbursement of the company’s own loss of income or extra expense resulting from an interruption or
suspension of its systems due to a failure of network security to prevent a security breach.
R

Social Engineering Fraud

 
Learn More
An insured seeking to cover the risk of loss from social engineering
should consider insurance coverage tailored to address these risks.

Insurers are now offering the option of purchasing a sub-limit for social engineering fraud coverage as an add on to an insured’s existing crime insurance policy subject to an
additional premium.

More insurers are currently sub-limiting coverage for this exposure to
a maximum limit of $250,000 and subject to a deductible.

Some insurers may also have restrictions in their coverage as it relates to covered claims for this exposure (ie. supplier/customer verification requirements).

R

Regulatory

 
Learn More
Defense expenses and civil fines or penalties paid to a governmental
entity in connection with an investigative demand or civil proceeding regarding actual or alleged violation of privacy laws.
R

Data Asset Protection

 
Learn More
Recovery of the company’s costs and expenses incurred to restore, recreate or regain access to any software or electronic data from back-ups or from originals or to gather, assemble and recreate such software or electronic data from other sources to the level or condition in which it existed immediately prior to its alteration, corruption, destruction, deletion or damage.
R

Public Relations

 
Learn More
Costs associated with restoring a business’ image within the community based on the impact of a data breach.
What is Social Engineering Fraud?
Cyber criminals have shifted their focus away from pure technological attacks and instead have attacked employees
through the use of “social engineering” – a collection of techniques used to manipulate people into performing actions or divulging confidential information.
What processes are at risk?
  • Point of sale purchases debit/credit cards – retail
  • ATM transactions – banking
  • E-commerce and online sales
  • Electronic business communications
  • Many others!
What is a Social Engineer?
A social engineer is nothing but a con man who uses technology to swindle people and manipulate them into disclosing passwords or bank information or granting access to their computer.
What are some examples of Social Engineering Schemes?
Social Engineers prey on innate human emotions (ie. fear, curiosity, the natural desire to help, the tendency to trust, complacency). The weakest link in the security chain of businesses is the employee who accepts a person or scenario at face value – social engineers target this vulnerability.

A few common examples include:

  • Messages from Trustworthy Sources
  • Phishing Schemes
  • Baiting Scenarios
  • Impersonating Superiors
Does traditional crime insurance cover Social Engineering Fraud?
Many businesses believe that traditional crime policies (or financial institution bonds) cover all cyber-related losses. Although most crime insurance policies today carry computer fraud and funds transfer insuring agreements, courts have generally held that incidents where the insured voluntarily or is duped into transferring funds are not covered.

An insured seeking to cover the risk of loss from social engineering should consider insurance coverage tailored to address these risks.

connect me

Pages

Healthy coverage means peace of mind. Let us take a look at your current policy to make sure it's working for you and your business.

We will be in contact soon!

Do you have insurance coverage, or insurance confidence? Time to find out.

Call Now
Directions