Risk Management & Tort Defense

Protecting Montana's Vital Assets & Resources

Cyber/Data Security Insurance

A summary of data/information security insurance coverage, exclusions, and policy information is provided below. Coverage may vary by agency. This summary does not alter or amend coverage provided in statute or under the state property/casualty insurance program. If your agency experiences a data/information security incident involving the unauthorized disclosure of private, non-public information, please follow the instructions on our website at rmtd.mt.gov/claims/agenciesreportclaims.aspx and submit the claim to the Risk Management & Tort Defense Division. For additional information, please contact us at (406)444-2421.

SUMMARY

  1. Insurer:  Beazley Insurance Company and Greenwich Insurance Company.
     
  2. Broker:  Alliant Insurance Services, Inc.
     
  3. Term:   7/1 to 6/30 each fiscal year.
     
  4. Coverage Territory:  This policy applies to insured events worldwide.
     
  5. Coverage Summary:   This policy provides coverage for the following:
     

Data/Information Security Liability

  1. Damages and claims expenses associated with theft, loss, and unauthorized disclosure of private, non-public information.
  2. Damages and claims expenses associated with alteration, corruption, and deletion of private, non-public information caused by malicious code and/or service denial failure.
  3. Damages and claims expenses associated with unauthorized sharing and unauthorized selling of private, non-public information.
  4. Failure to administer an identity theft protection program.

Privacy Notification Costs

  1. Cost of hiring computer security experts to determine the existence and cause of a breach of private, non-public information.
  2. Cost to comply with breach notification laws.
  3. Cost of notifying parties affected by the breach.
  4. Cost of credit monitoring for one year for individuals affected by the breach of privacy laws.

Regulatory Defense and Penalties

  1. Claims expenses and penalties arising from regulatory proceedings involving the unauthorized disclosure of private, non-public information.
  2. Claims expenses and penalties arising from violations of privacy laws.

Website Media

  1. Damages and expenses associated with defamation, libel, slander, caused by the disclosure of private, non-public information.
  2. Damages and expenses associated with public disclosure of private information.
  3. Damages and expenses associated with plagiarism, piracy, misappropriation of ideas involving private, non-public information.
  4. Damages and expenses associated with infringement of copyright of private, non-public information.
  1. Exclusions:  A summary of exclusions is hereby provided.
    1. Bodily Injury or Property Damage
    2. Any employer-employee relations policies and practices
    3. Contractual liability or obligation
    4. Anti-trust violations
    5. Unfair trade practices
    6. Incidents occurring prior to retroactive date of coverage
    7. Securities Act violations
    8. Fair Labor Act violations
    9. Discrimination
    10. Patent infringement
    11. Money/securities/funds transfer
    12. Broadcasting, publications, and advertising
    13. War and terrorism
    14. Pollution
    15. Nuclear events
    16. Radioactive contamination
     
  2. Approved Vendors:  Insurance coverage may not apply if the insurance carriers' approved vendors https://cyberservices.beazley.com/usa/your_services_and_providers.html are not utilized. Contact the Risk Management and Tort Defense Division if you have questions.
     
  3. Co-Insurance:  There is no deductible. However, each agency or university is responsible for 10% of reasonable and necessary expenses incurred by the Risk Management & Tort Defense Division to investigate, evaluate, and resolve data/information security claims. The division will bill agencies for their fair share of co-insurance payments after the loss up to a maximum of $25,000.
     
  4. Limits:
    $10,000,000 per occurrence Business Interruption/Data Recovery (Liability & 1st Party)
    $10,000,000 per occurrence Data/Network/Media/Cards (Liability & 1st Party) subject to the Montana Tort Cap (§2-9-108, MCA)
    $10,000,000 per occurrence Regulatory Fines & Penalties (Liability) subject to the Montana Tort Cap (§2-9-108, MCA)
    $12,000,000 annual aggregate all coverages combined
    $10,000,000 per occurrence Privacy Notification
     
  5. Deductibles:
    $250,000 Risk Management & Tort Defense, 10% co-pay per agency/university up to $25,000
  1. Note: Losses that fall outside of commercial insurance limits are the responsibility of each agency/university.