澳门跑狗论坛

Special Report
Privacy & Security

Threat of Data-Privacy Litigation Fuels District Insurance Purchases

By Malia Herman 鈥 October 19, 2015 6 min read
  • Save to favorites
  • Print
Email Copy URL

As more large, well-known companies鈥攕uch as Anthem health insurance, Home Depot, and Target鈥, school districts have begun to realize they could be next.

Some have taken out a new kind of insurance policy called cyberinsurance. Unlike traditional property insurance or general-liability insurance, these new policies are geared specifically toward protecting data, both digital and print, in the event of a breach.

鈥淚t鈥檚 becoming something that is hard to ignore, and companies across the spectrum are realizing that, and school districts are starting to realize it as well, because of the large amount of data they hold,鈥 said Andrew Laubmeier, a cyber-risk broker with Aon Risk Solutions鈥 Financial Services Group, one of many brokerage firms now offering cyberpolicies to school districts.

John Gambale, the head of professional liability, Americas region, for the American International Group, or AIG, said student data are 鈥渉ighly sought after鈥 on the black market, and most schools lack the resources to adequately protect the data. 鈥淭hieves look at the potentially antiquated IT systems and see them as very appealing targets,鈥 he said, explaining that AIG offers cyberinsurance to schools as well as technology and training to prevent a breach.

Cyberpolicies typically cover data breaches whether they are accidental, such as an employee losing a laptop or emailing sensitive information to the wrong person, or via a coordinated hacking attack.

Expenses following any of those scenarios could be astronomical, depending on how many current or former employees鈥 or students鈥 information was compromised. Laws differ by state on who must be notified, how quickly, and how the notifications must be handled.

Cyberinsurance covers all notification costs, as well as the cost of investigating how the breach occurred, who could be affected, and legal assistance to determine notification requirements. Some policies also cover credit-monitoring services and media relations, in addition to third-party costs in the event of a civil lawsuit or class action.

It鈥檚 unclear how many districts have purchased cyberpolicies. Laubmeier said Aon covers several districts but declined to say exactly how many. 鈥淲e are seeing a very large uptick in the number of school districts that have inquired about the possibility of cyberinsurance,鈥 he said.

Mr. Gambale also declined to say how many school systems AIG covers, but said it鈥檚 definitely an area of growth. Schools and institutions of higher education are now listed as a category in his firm鈥檚 risk portfolio.

鈥淭wo years ago, that segment was not big enough for me to track,鈥 he said, adding that across all industries, his firm鈥檚 cyberinsurance portfolio has increased 30 percent in the past year.

鈥楨asy Target鈥

Trudy Sowar, the director of risk-management services for the Georgia School Boards Association, which provides pooled-insurance coverage to districts via Marsh Insurance, has for the past three years. So far, 59 of the 95 districts in Georgia have taken the coverage.

鈥淚f you really think about it, we are probably some of the most fertile ground [for a cyberattack],鈥 she said, referring to the copious amount of personal data鈥擲ocial Security numbers, medical records, payroll information鈥攖hat each school district keeps on file.

Michael A. Alao, a former chief internal-audit executive for the Cincinnati school district, said Sowar is right. In fact, he said, districts provide easy targets for cyberthieves.

鈥淚f you are going to scam someone, you go against an easy target,鈥 Alao said, pointing out that not all districts have an auditor or a chief technology officer to maintain tight security controls and firewalls.

Sowar said the cost of the coverage is relatively low, about $1 per student. Since many of the state鈥檚 school districts have fewer than 10,000 students, it ends up not being that expensive, she said.

Still, there has been some pushback.

鈥淪ometimes, it鈥檚 that the technology officer believes that their firewalls are going to protect them,鈥 she said. 鈥淎nd sometimes, it鈥檚 a financial issue because we鈥檝e seen so many cuts to school funds lately.鈥

Why Districts Buy Cyberinsurance

A growing number of districts around the country have recently bought insurance policies with coverage for data-privacy risks. Among them:

GARDEN CITY, N.Y. | Enrollment: 4,000

The district has a new cyberinsurance policy starting this school year with Lloyd鈥檚 of London at a cost of about $11,000 a year.

What the insurance covers: The school鈥檚 cyberpolicy is in addition to general-liability and property insurance. It would compensate the district for the expenses incurred by making the required notifications in the event of a data breach. It also includes catastrophic insurance to protect the district in the event of a lawsuit stemming from the breach.

Why it purchased cyberinsurance: The Anthem health-insurance data breach this past February was a real 鈥渨ake-up call,鈥 said Superintendent Robert Feirsen. The district had already been working on making sure its network was secure, but Feirsen said schools needed added protection.

鈥淲e have a tremendous amount of data that we store, and a lot of it is personal, regarding the students and staff, and also financial, plus confidential information as well. It鈥檚 a brave new world for everyone. Several years ago, this would not even have been a blip on the radar.鈥 - Robert Feirsen

ANN ARBOR, MICH. | Enrollment: 17,000

The school district has had a cyberinsurance policy from Zurich Insurance Group since February 2014.

What the insurance covers: The supplemental-insurance policy covers the cost of regulatory proceedings related to a data breach, Internet media liability (e.g., invasion of privacy, slander, plagiarism, copyright infringement or negligence related to Internet content), privacy-breach costs, cyberextortion and threats, and reward/payment coverage. The plan costs $25,155 per year, compared with about $800,000 the district pays in other liability-insurance coverage each year.

Why it purchased cyberinsurance: Judy Solowczuk, the district鈥檚 executive assistant for finance and operations, said the district鈥檚 insurance agency recommended the coverage, and since Ann Arbor is a district with lots of sensitive data, she thought it was time for protection. Solowczuk said the cost of the insurance was a 鈥渄rop in the bucket compared to what it might cost us if we had a cyberattack or something was breached.鈥

鈥淲hen you see Target and all these big companies being breached, it鈥檚 scary. We aren鈥檛 as big, but if someone hacked into our system, they could really do some damage.鈥 - Judy Solowczuk

PAULDING COUNTY, GA. | Enrollment: 28,500

The school system has had cyberinsurance since July 2014. The district pays about $25,000 a year for the policy, which is through the Georgia School Boards Association鈥檚 pooled-insurance plan with Marsh, a global provider in insurance brokering and risk management and a subsidiary of Marsh & McLennen Companies.

What the insurance covers: The policy is an add-on to other insurance the school district has, such as workers鈥 compensation, general-liability, and property and casualty insurance. It covers the costs of investigating the breach, making the required notifications, and any related lawsuits.

Why it purchased cyberinsurance: About 10 years ago, the district was the victim of a 鈥減hishing鈥 attack by hackers out of St. Petersburg, Russia. A man walked into the bank that the school district used and withdrew money using the district鈥檚 password. The bank was not required to compensate the district, but it chose to refund most of the money that was taken. Superintendent Cliff Cole said the incident shows that 鈥渆veryone is vulnerable.鈥 When the cyberinsurance policy was first offered, he said it was a 鈥渘o brainer鈥 to sign up.

鈥淯nfortunately, the society we live in today, it鈥檚 almost weekly that you hear about someone鈥檚 files being hacked or someone鈥檚 identity being stolen. So many people are concerned now about identity theft and privacy rights. It鈥檚 another layer of protection for our students and employees.鈥 - Cliff Cole

A version of this article appeared in the October 21, 2015 edition of 澳门跑狗论坛 as Threat of Data-Privacy Litigation Prompts Districts to Buy Insurance

Events

Artificial Intelligence K-12 Essentials Forum Big AI Questions for Schools. How They Should Respond鈥
Join this free virtual event to unpack some of the big questions around the use of AI in K-12 education.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in Schools
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Science Webinar
Spark Minds, Reignite Students & Teachers: STEM鈥檚 Role in Supporting Presence and Engagement
Is your district struggling with chronic absenteeism? Discover how STEM can reignite students' and teachers' passion for learning.
Content provided by 

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide 鈥 elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security Districts Flood FCC With Requests for New Cybersecurity Funds
The demand comes as the education sector's risk for cyberattacks continues to rise.
4 min read
Illustrations of man be scammed online with fishing line.
Digital Vision Vectors
Privacy & Security What Teachers Need to Know About Changes to Instagram Teen Accounts
The adjustments come as Meta faces multiple lawsuits from states and school districts.
4 min read
Close up photo of Black teen looking at Instagram photos on her cellphone.
Anastasia_Prish/Getty
Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/澳门跑狗论坛 via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For Schools And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by