Fund Coverage 101: Intro to Cybersecurity Claims

This article is part of our Coverage 101 series, in which we provide general overviews of the Auto, Liability, Property, and Cybersecurity lines of coverage offered by the Fund. Note that this is not an exhaustive description of everything included in your coverage with the Fund. Please consult your coverage agreement or your program contact for exact details of what is and is not covered.

Schools handle a lot of data, which can be a prime target for cybercriminals. Cyber-attacks have drastically increased in frequency in recent years, resulting in trillions of dollars in damages against entities of all sizes, including smaller governmental entities like school districts. The TASB Risk Management Fund recognizes schools’ rising risks of cybercrime, which is why the Fund created its Privacy and Information Security coverage program to meet members’ safety needs in the digital age.

Comprehensive coverage

The Fund’s cybersecurity coverage is available to members of the Fund’s Liability program and provides coverage for the different kinds of cyber incidents that members might face. The program has greatly expanded since its establishment in 2014, with increased limits to meet the heightened exposure faced by schools and to offer comprehensive digital security coverage. Read on to learn about common cyberattacks to prepare for and how to get help from the Fund.

Common cybersecurity claims

Cybercriminals are dynamic and have a varied toolset they can use to breach your organization’s digital defenses. Be on the lookout for a range of cyber threats, including some of the most common risks outlined below.

Fraudulent instruction

You’ve just gotten an email from your school’s construction contractor asking for payment. This email might look perfectly genuine on the surface, but it is really a hoax created by cybercriminals to trick you into sending money to them. This is fraudulent instruction, a scheme in which cybercriminals pose as a legitimate company or individual to steal your funds or sensitive information. To avoid such scams, always ensure that an email is legitimate by checking it through multiple methods of communication. For example, visit the original vendor's website, call the email sender, and triple-check that the message is authentic before transferring any funds.

Ransomware

You open your computer and see a threatening window pop up, notifying you that your files have been encrypted and cannot be accessed unless you pay a fine. This is ransomware, which holds your data captive until you pay a ransom to your hackers. In many cases, your files will be permanently deleted if you do not pay your attackers within a specified timeframe. A simple way to protect against these incidents is to always keep your devices updated and to invest in security measures such as multi-factor authentication.

Viruses

You click a suspicious link, and odd things immediately start happening on your computer. You get prompted to download shady software, unusual windows pop up at random, and some files are missing or altered. This is the work of viruses, a powerful cybercrime tool that can be used to hack into your devices, gain access to your computer systems without authorization, and steal your data. Viruses can infect your computer through a variety of channels—some are spread through sketchy websites, whereas others are sent through phishing emails, for example.

How to report

The Fund has responded to hundreds of cases of ransomware, fraudulent instruction, and other cyber threats in recent years. If your district falls prey to a cyber-attack, file a claim to the Fund immediately so you can quickly receive coverage and prevent further losses. Report claims online, or for a quicker response to urgent inquiries, contact Fund Liability Claims Manager Marcy Barker at 855-295-8344 or via email.

When you report your claim, be sure to include the following relevant information about the incident:

• General details about what happened
• When the incident occurred
• Steps taken to address the situation
• Best point of contact for inquiries

Your incident report will be sent to the Fund’s data privacy and security carrier, Beazley. The Beazley team will follow up with a request for a scoping call with your school’s point of contact and representative from the Fund. Next steps, such as soliciting third-party vendors, will be determined in this call. Necessary documentation, including Letters of Engagement and Statements of Work, will be executed by the Fund on behalf of the member.

Expert help from the Fund

The Fund will cover claim expenses, damages, or penalties on covered claims related to information security, privacy liability, regulatory proceedings, or payment card liabilities. The Fund can also help respond to a cybersecurity incident by connecting you with third-party services for computer experts, legal help, public relations, credit or identity monitoring companies, and other supporting services. Additionally, in the event of a data breach requiring notification, the Fund can cover the cost to notify the affected individuals of the situation.

Along with coverage, Fund members should be equipped to mitigate and respond to cyber threats before serious incidents can occur. With that in mind, the Fund conducts regular webinars and training sessions to instruct members on safe cyber practices.