OneBeacon Shines ITS Light for Cyber

PRODUCT: Information Technology Solutions™-Complete

COMPANY: OneBeacon Insurance Group, with coverage written through Atlantic Specialty Insurance Co., Homeland Insurance Company of New York, Homeland Insurance Company of Delaware, OBI America Insurance Co. and OBI National Insurance Co.

BEST RATING: A (Excellent)

AVAILABILITY: Coverage is available through agents, brokers and wholesalers approved to do business with OneBeacon Technology Insurance.

FOCUS: Tech firms face “exponential exposure to cybersecurity and communication liability risks” that can cause harm “to a third party or to the insured itself,” says Mary Fisk-Bieker, senior vice president and chief underwriting officer at OneBeacon Technology Insurance.

For those technology companies, OneBeacon Tech launched a new professional liability insurance product: Information Technology SolutionsTM-Complete (ITS). The modular, menu-driven cyber product protects against exposure to errors & omissions, privacy, communication liability and privacy regulatory risks, Fisk-Bieker says. As a claims-made product, it also offers key coverages for first-party claims.

Besides the insurance elements, ITS also offers services from third-party vendors for data breach mitigation and response services, along with the eRiskHub client portal with guidance for “shoring up cyber defenses and responding effectively to data breaches, network attacks and other cyber events,” Fisk-Bieker explains. The ITS “easy-to-read definitions, conditions and exclusions make it easier for producers to explain the coverage to clients,” she adds.

OneBeacon Technology Insurance has adopted the standards created by the National Institute of Standards and Technology, which arose from the Federal Framework for Improving Critical Infrastructure Cybersecurity, and has incorporated them into the application, underwriting process and risk control parts of its new product.

UNDERWRITING: Maximum policy limits are $10 million. Third-party liability coverages include: E&O for the insured’s products and services; information loss for unauthorized or accidental disclosure of personally identifiable information and corporate information in the insured’s or service provider’s care, custody or control; network security coverage for unauthorized use, including exceeding authority and denial of service attacks; and transmission of a virus or malware.

The product covers communication liability for incidents like copyright and trademark infringements, libel, slander, product disparagement or any other form of defamation involving advertising, access and content activities. It also includes coverage for privacy administrative proceedings, fines and consumer redress liability, claim defense of alleged violations of privacy regulations, and fines and consumer redress funds.

ITS first-party coverages pay cyber incident expenses, including breach consultation services—a separate limit outside the policy maximum aggregate limits—to help assess the severity of the event, prepare a news release, send notifications required by privacy regulations and establish an incident response plan. Incident management expense, information restoration and hardware replacement expense, and extortion payment and forensic expense are also included.

MINIMUM PREMIUM: varies by risk

TARGET: small to midsize technology companies such as information technology entities, electronics and hardware manufacturers, medical technology and life sciences firms, and telecommunications firms

COVERAGE TERRITORY: ITS is available in AL, AZ, CO, DE, FL, GA, HI, ID, IL, IN, IA, KS, KY, LA, ME, MA, MI, MO, MS, MT, NV, NJ, NM, NC, ND, OK, OR, PA, RI, SC, TN, UT, WA, WV, WI and WY. OneBeacon seeks to make the product available nationwide.

CONTACT: Mary Fisk-Bieker, senior vice president and chief underwriting officer; OneBeacon Technology Insurance, 28 State Street, Suite 1801, Boston, MA 02109; 781-332-7062

Ronimarie Acord is an IA contributor.