We are now extremely reliant upon the internet and the cloud. As a bookkeeper this means that you carry much responsibility to protect your client's data, privacy and access to banking. So for you, the thoughts around “what if” are becoming increasingly important. The good news is that your IME / Chubb Professional Indemnity covers most of these “what ifs”.
Professional Indemnity Insurance responds to claims made against you by your clients for things that you may have done (in insurance speak this is called “a wrongful act”), or for things you are alleged to have done in your professional duty as a bookkeeper.
Your IME / ICB PII covers you for “your professional duty as a bookkeeper”, and this special policy includes cloud computing and therefore includes elements of “Cyber Security”. IME have also obtained an “Endorsement” in the ICB / IME policy to extend the cover for ICB members.
Your standard PII policy covers you for the thing you did or didn’t do, i.e., “your wrongful act”, and its impacts on your client’s business.
If damage is done to your own business, such as loss of your own data, data corruption, or loss of your funds, then Professional Indemnity Insurance would not cover this loss. You would require the Cyber Endorsement.
Your Professional Indemnity Insurance will respond to either pay: a financial settlement and/or legal and defence costs related to damage to your clients.
Cloud computing is considered an integral part of a bookkeeper’s duties. Therefore your involvement in making recommendations to clients about any software and using that software is covered.
Your ICB / IME policy specifically already covers you for:
- Advice you have provided to a client about using any form of software
- Includes where client data maybe lost
- Includes where incorrect access to clients records occurs
- Includes where privacy breaches occurs that damages the client
The optional extension for “Cyber Security Insurance” is insurance over damage to your own business due to a Cyber Security or cloud issue.
Cyber Security Management
Your ICB / IME policy provides you with access to a Cyber Risk and Security process, risk assessment, online training hub produced by Chubb - see below for eRisk Hub®.
Details of the Policy Extension
This document does not serve as a legal document but as an explanation of how Cyber Insurance applies to you if you hold a ICB / IME PII policy or extension to that policy. It also indicates what any other policy should be covering.
Coverage shall extend to loss on account of a claim for loss of or damage to customer business. Business records means non-public information related to a customer’s business dealings.
Cloud provider means an organisation that performs the following services for the insured
- Processing, holding or storing information and
- Data back-up, data storage or data processing.
The general policy applies in conjunction with the Endorsement to provide cover for liability as a result of negligence or alleged negligence. For example, data stored incorrectly allowing access by unauthorised parties resulting in breach of privacy, or loss of data or corruption of data, resulting in your client suffering a quantifiable loss.
- Failing to use adequate virus protection when online to cloud provider.
- Not securing passwords allowing unauthorised people access e.g. contractors.
- Employee/contractor leaves employment and you failed to delete their access.
- Backup data not correctly stored and emergency back-up files are blank.
- Not doing due diligence on cloud provider to ensure that they have adequate security and backup procedures.
- Client’s privacy is breached due an error or omission.
- Lost / corrupted data caused by bookkeeper. This may happen by input error or leaving an unsecured line open, and it is hacked - Wrongful Act.
- Open line is hacked, and all client’s private data is stolen / manipulated - Breach of Privacy and Privacy Remediation.
Loss of Documents
Coverage extends to loss of or damage to documents whilst in the custody of the Insured and for which the Insured is legally liable or any person to whom the Insured has entrusted them; or anywhere in transit in respect of all damage for which the Insured is legally liable.
Documents include electronic data that may be lost or destroyed and includes electronic documents stored in Cloud
Privacy / Confidentiality
Any Loss for:
- invasion or infringement of the right of privacy or publicity, including but not limited to false light, public disclosure of private facts, intrusion and commercial appropriation of name, persona or likeness;
- false arrest, detention or imprisonment; or
- wrongful entry or eviction, or other invasion of the right of private occupancy.
Client’s privacy is breached due to an event that appears to be due to the bookkeeper’s negligence. This result is client’s loss of business. They make a claim against the bookkeeper for recompense of lost revenue. The Professional Indemnity policy would respond to either pay a settlement or defend the action or both.
Privacy Remediation Expenses (Limit $100,000)
This means reasonable and necessary expenses for:
- advertising or other media services;
- broadcast, electronic, printed, telecast or telephonic announcements, communications or notices; or
- public relations services;
that are incurred solely to comply with a law, ordinance or regulation concerning the notification of others consequent upon the potential or actual unauthorised access to or unauthorised use by another person of an individual’s personal information which is not publicly available.
Example: Rectification of a privacy breach to notify clients and other concerned third parties that there has been misuse of private information or potential misuse of private information which may include financial records. Some breach of privacy cases may involve multiple clients at any one time
Additional Sections Covered by the Policy When Recommending / Referring to Cloud Computing
Sale, installation, set-up, configuration, training and use of commercially available bookkeeping or accounting software.
Consulting and advice in relation to the foregoing data file management (including backup management and file location management) in relation to the above services may be provided at the client site utilizing your client's booking system, or at a different location, or via remote access software, or cloud computing.
Whilst the above sections are not included in the policy wording, they are descriptive of the normal duties of a bookkeeper covered under our policy. Please refer to the Policy Schedule.
Good News - ICB Exclusive Member Benefit
As an ICB member, you have automatic included eligibility to access this service (provided you hold a Chubb/IME professional indemnity policy).
Use Chubb eRisk Hub® to prevent and respond to a cyber event:
- Learn industry-accepted techniques in cyber risk management
- Stay on top of breach activity and trends through e-mail alerts and news services
- Bolster your incident response plan with our Incident Response Road Map
- Test your privacy controls with our proprietary Private/ Confidential Information Protocol and Checklist
- Download risk management forms and documents
- Locate resources to train your employees about privacy, physical security, and IT security
- Engage IT experts to improve security
And should you suffer an event that may trigger a claim under your professional indemnity policy, access the 24/7 Emergency Response help line.
- Access free Webinars about responding to data breaches and privacy losses
- Find legal experts experienced in breach notification, eDiscovery, business continuity, and regulatory compliance
- Consult with computer forensic professionals to investigate a breach event
- Retain a public relations firm experienced in managing data breach and privacy communications
Some Recent Questions
- What if they are a victim of Cybercrime - they get hacked, their security gets hacked, causing identity theft of their clients or data is stolen or corrupted, and due to the breach of the practitioner the Client loses money or has damage caused. Is the practitioner covered?
If the bookkeeper contributed to the loss by not employing proper data security or checking that the cloud provider has adequate security, cover would apply as the bookkeeper has committed a negligent act
- What about the cost of recovering from own identity theft?
Own Identity theft is not covered that doesn’t include a loss to a client however if there are documents lost that need to be reinstated that belong to a client
- What about cost of damage and recovery from being hacked or loss of client identity?
There are quite a few scenarios that could play out here with contributing factors and which sections apply. Is it covered under cloud data; is it covered under privacy remediation; is it covered under loss of documents section or is it a simple straight out negligent act, error or omission committed by the bookkeeper
Additional cover available to purchase to cover own lost data or cyber-attack costs
We have spoken about incidents where you have committed or alleged to have committed a wrongful act and in most cases your professional indemnity will respond to pay a settlement or defend an action against you. But what about my own costs if there is no actual claim being made by a client against me. We have a solution available to cover your own costs.
The Solution Offered in Summary
- Privacy Liability Cover
- Network Liability cover
- Cyber extortion cover
- Data Asset Loss cover
|Options||Policy Limit||Excess||Total Annual Add-on premium|