Cyber Liability Coverage Update for 2022-23

1What’s Happening?

The marketplace for cyber liability insurance has changed significantly in the last two years, and since July 1, 2021, even more dramatic changes have occurred. As public entities experience more frequent and severe cyber security incidents, premiums and deductibles have increased, while policy limits have decreased, and the scope of available coverage has contracted. Fewer carriers are writing this type of coverage and underwriting criteria are becoming increasingly stricter. These factors negatively impacted the Authority’s Cyber Liability Program renewal last year, creating a difficult situation where reduced coverage had to be accepted despite an increase in premium. All indications are that the 2022-23 renewal will be even more challenging.

Insurance carriers are now requiring new and more detailed information to consider prospective insureds for coverage. They are seeking to confirm that at least some minimum level of security protocols are in place, and that cyber intrusion countermeasures are actively protecting member computer systems and networks.

2Prepare for Insurability and to Reduce Cyber Risk

Below is a link to a self-assessment of best-practice cyber security measures. Members are strongly encouraged to complete the self-assessment and remediate any deficient items, not only to improve insurability, but also as protection against cyber security incidents.

Your agency’s insurability will be enhanced if you improve your cyber security risk profile. Please note that the self-assessment is for internal use only and does not need to be returned to the Authority.

Download Self-Assesment

3Complete Cyber Application

All members must complete an application through Alliant’s Cyber PE portal by March 18, 2022.

Obtaining Login Credentials
Members who already have Alliant Connect login credentials can use them to access the Cyber PE portal. Please only use Google Chrome or Mozilla Firefox to access the portal. The portal may not function as intended using other web browsers.

Completing the Application
If certain questions cannot be answered at this time, do not allow this to delay submission of the application. While a fully completed application best positions the Authority and individual members to obtain cyber coverage for 2022-23, submitting a partial application by the deadline is preferable to submitting no application, or submitting a late application.

The following sections of the application are essential for members to complete:

  • Internal Security
  • Email Security

4Application Assistance

Please click this link to access a recording of a virtual application review session that occurred on March 15, 2022. Representatives from Alliant reviewed the application in its entirety and answered questions from attendees. The passcode to access the recording is SZip!996.

If you have questions about or need assistance with completing the application, please contact:

Christopher Gray
Account Manager – Lead
(949) 660-5944

Insurance carriers consider certain cyber security controls and protocols crucial for evaluating insurability. Click on the link below for a detailed list of the most essential controls. Please keep this in mind as you complete the application.

Download Recommended Cyber Security Protocols to Improve Insurability

5What If I Need Help?

Members who need consulting support and technical assistance with analyzing and improving cyber security, may choose to work with an outside vendor. As one option, the Authority has partnered with Ankura, a cyber security firm providing comprehensive solutions to strengthen organizational security using a balanced approach based on incremental improvements. Ankura is available to help members remediate any deficiencies identified in the self-assessment. Please note: engagement of Ankura is at each member’s own expense.

Joe Clarke
Senior Associate – Cybersecurity, Privacy, and Compliance – Americas
Mobile: (619) 572-8040

6Watch Cyber Security Training

The Authority recently provided virtual cyber security training for members. The first half of the session was intended for all public agency staff, while the second was intended for incident response teams. Full video of the training can be accessed here. Slides are also available for both sessions:.

If you have input you wish to share on how the Authority can better serve member cyber security or coverage needs, please communicate with your assigned Regional Risk Manager. The Authority greatly values member input so that we can provide the best possible programs and services.