QUESTION
What is the policy on vendor insurance coverage for victim notification in case of a data breach?
1:49:00
·
75 sec
The council member asks about the Office of Technology and Innovation's policy for vendor insurance coverage for victim notification in the event of a data breach.
- The Chief Information Security Officer explains that cyber insurance policies typically include provisions for victim notification costs
- She states that OTI requires vendors to have cyber insurance as a safety net for both parties
- However, she clarifies that she is not an authority on specifics of cyber insurance policies
Jennifer GutiƩrrez
1:49:00
And in in the event in the example of victim notification, are those pieces of like the agreement or policy that OTI works through in every specific agreement.
1:49:15
Or contract, excuse me, how, I guess, how how do we know in those instances when their insurance policy when the vendor's insurance policy is gonna be utilized for something that's important as victim modification.
Kelly Moan
1:49:30
So great question.
1:49:31
The cyber insurance landscape has also continued to evolve even speaking more broadly in the private sector realm over the last few years, especially with very well known and high profile attacks that have hit.
1:49:42
Private sector companies.
1:49:44
Mhmm.
1:49:44
Typically, again, just speaking from my experience and background, typically, when a when a private sector entity endeavors to get cyber insurance.
1:49:53
Typically, that policy does include provisions for victim notification and the relevant cost to that.
1:49:59
Okay.
1:50:01
I'm not a 100% authority.
1:50:02
I'm not a cyber insurance lawyer nor a provider, but I do know that large in part.
1:50:08
That is why we have the cyber insurance requirements for our vendors as well so that they have that backstop too.
1:50:15
Thank you.
