Licensed Architect - Summer 2017 - 28

Insurance
activity. And finally, by paying a
ransom, an organization might
inadvertently be funding other illicit
activity associated with criminals."
So what does the FBI recommend?
As ransomware techniques and
malware continue to evolve-and
because it's difficult to detect a
ransomware compromise before it's
too late-organizations in particular
should focus on two main areas:
* Prevention efforts-both in both
in terms of awareness training for
employees and robust technical
prevention controls; and
* The creation of a solid business
continuity plan in the event of a
ransomware attack.
I would also add to this that you
should report this immediately to
your insurance carrier(s) and broker
to get their input on how best to
respond to this situation.
SEPARATE CYBER
LIABILITY COVERAGE
As reviewed, there may be
coverages under both an A&E's
PL and GL/BOP policies for
specific data breach related
claims however, these coverages
may not be sufficient. It may be
necessary for the A&E firm to
secure separate cyber coverage to
adequately protect against losses
and liabilities in the event of data
breach that may not be covered
under their current insurance
program. In fact, given the broad
coverage provided by a standalone cyber liability policy, and
the relatively low cost, I would
recommend every A&E firm to
seriously consider purchasing this
insurance. In addition, we are
seeing more and more contracts
requiring specific cyber coverage
that only a stand-alone cyber
policy would satisfy.
Some specific coverage features
and benefits under a stand-alone

28 | Licensed Architect | Summer 2017

Cyber Liability Policy include the
following:
1. Business Interruption
& Extra Expenses
Covers lost online & offline income,
as long as your income is network
dependent and the loss is caused
by security breach or errors plus
expenses of avoiding such a loss.
2. Dependent Business Interruption
Covers lost online & offline income,
as long as your income is network
dependent and the loss is caused
by a third party's Network Security
Failure or error, plus expenses of
avoiding such a loss.
3. Content Injury Liability (Media)
Defamation, disparagement,
copyright, trademark, publicity rights
and content errors, etc. Covers
computer readable content and can
be expanded to all media.
4. Data Restoration / Digital Assets
Covers costs to recreate or restore
network to pre-loss conditions.
Attacks covered include those
instigated by employees.
5. Network Extortion
Pays credible extortionist demands
and response costs to demands for
money against threats to release private
information or bring down a network.
The graph (page 29) does a good
job illustrating the potential gaps in
coverage a stand-alone cyber
policy can cover.
What risk management steps can
my firm take to assume and control
cyber risk?
As noted, transferring cyber liability
risk by insurance is only one piece
of the risk management puzzle. The
intangible costs associated with a
claim or client dispute including the
distraction to your business and
damage to the firm's reputation
can be greater than any hard
costs of insurance premiums and
deductibles. An A&E firm needs to

consider how best to assume and
control this risk. In fact, if you are
interested in purchasing a separate
cyber policy, as part of the
underwriting process most carriers
will assess whether or not your
firm has specific risk management
protocols in place.
Our Willis Towers Watson Cyber
Team advises that the following
underwriting questions are being
considered in assessing and pricing
cyber liability products:
➢ Governance and risk
assessment requiring current,
tailored processes with senior
management (including CISO
and COP positions) and
board involvement
➢ Access rights and controls
inside and outside the enterprise,
including credentialing, access
tracking and bring your own
devices (BYOD) policies
➢ Encryption of PII, PHI and
the transmission lines in the
credit processing systems
(if PII cannot be encrypted,
underwriters are looking for
compensating controls around
the protection and monitoring
of data, including file integrity
monitoring and
malware detection)
➢ Data loss prevention, including
patch management, system
configuration and outbound
communications, with special
emphasis on PII.
➢ Vendor management that
includes due diligence at the time
of selection and downstream
compliance controls over thirdparty providers
➢ Training of employees
and vendors
➢ Incident response plans and
data protection priorities



Table of Contents for the Digital Edition of Licensed Architect - Summer 2017

President’s Message
ADA Advice Accessibility: Handrail Details for Stairways and Ramps
Continuing Education A Review of Window, Door and Skylight Standards and Certification
Buyer’s Guide
Feature Article The Necessary Accessory: Hardware
Continuing Education Providers/ ALA New Members
Insurance Design Professionals and Cyber Risk - Part 2
Second Chances for Buildings The New Roof is Still Leaking?
Feature Article What Do Clients Want? Amenities, style and function
Firm Management Tools for Small Firms: Time Management
Index of Advertisers
Licensed Architect - Summer 2017 - Intro
Licensed Architect - Summer 2017 - cover1
Licensed Architect - Summer 2017 - cover2
Licensed Architect - Summer 2017 - 3
Licensed Architect - Summer 2017 - 4
Licensed Architect - Summer 2017 - 5
Licensed Architect - Summer 2017 - President’s Message
Licensed Architect - Summer 2017 - 7
Licensed Architect - Summer 2017 - ADA Advice Accessibility: Handrail Details for Stairways and Ramps
Licensed Architect - Summer 2017 - 9
Licensed Architect - Summer 2017 - 10
Licensed Architect - Summer 2017 - 11
Licensed Architect - Summer 2017 - 12
Licensed Architect - Summer 2017 - 13
Licensed Architect - Summer 2017 - 14
Licensed Architect - Summer 2017 - 15
Licensed Architect - Summer 2017 - Continuing Education A Review of Window, Door and Skylight Standards and Certification
Licensed Architect - Summer 2017 - 17
Licensed Architect - Summer 2017 - 18
Licensed Architect - Summer 2017 - 19
Licensed Architect - Summer 2017 - 20
Licensed Architect - Summer 2017 - Buyer’s Guide
Licensed Architect - Summer 2017 - 22
Licensed Architect - Summer 2017 - 23
Licensed Architect - Summer 2017 - 24
Licensed Architect - Summer 2017 - Feature Article The Necessary Accessory: Hardware
Licensed Architect - Summer 2017 - Continuing Education Providers/ ALA New Members
Licensed Architect - Summer 2017 - Insurance Design Professionals and Cyber Risk - Part 2
Licensed Architect - Summer 2017 - 28
Licensed Architect - Summer 2017 - 29
Licensed Architect - Summer 2017 - Second Chances for Buildings The New Roof is Still Leaking?
Licensed Architect - Summer 2017 - 31
Licensed Architect - Summer 2017 - 32
Licensed Architect - Summer 2017 - Feature Article What Do Clients Want? Amenities, style and function
Licensed Architect - Summer 2017 - 34
Licensed Architect - Summer 2017 - 35
Licensed Architect - Summer 2017 - Firm Management Tools for Small Firms: Time Management
Licensed Architect - Summer 2017 - 37
Licensed Architect - Summer 2017 - Index of Advertisers
Licensed Architect - Summer 2017 - cover3
Licensed Architect - Summer 2017 - cover4
http://www.nxtbook.com/naylor/ALATQ/ALATQ0318
http://www.nxtbook.com/naylor/ALATQ/ALATQ0218
http://www.nxtbook.com/naylor/ALATQ/ALATQ0118
http://www.nxtbook.com/naylor/ALATQ/ALATQ0417
http://www.nxtbook.com/naylor/ALATQ/ALATQ0317
http://www.nxtbook.com/naylor/ALATQ/ALATQ0217
http://www.nxtbook.com/naylor/ALATQ/ALATQ0117
http://www.nxtbook.com/naylor/ALATQ/ALATQ0416
http://www.nxtbook.com/naylor/ALATQ/ALATQ0316
http://www.nxtbook.com/naylor/ALATQ/ALATQ0216
http://www.nxtbook.com/naylor/ALATQ/ALATQ0116
http://www.nxtbook.com/naylor/ALATQ/ALATQ0415
http://www.nxtbookMEDIA.com