Meeting_Body
FINANCE, BUDGET AND AUDIT COMMITTEE
AUGUST 17, 2022
Subject
SUBJECT: CYBERSECURITY LIABILITY INSURANCE PROGRAM
Action
ACTION: APPROVE RECOMMENDATION
Heading
RECOMMENDATION
Title
AUTHORIZE the Chief Executive Officer to negotiate and purchase a cybersecurity liability insurance policy with up to $50 million in limits at a cost not to exceed $2.8 million for the 12-month period effective September 1, 2022 to September 1, 2023.
Issue
ISSUE
To date, Metro has not purchased an insurance policy to cover our cybersecurity liability exposures. Cybersecurity is the practice of being protected against criminal or unauthorized use of systems and electronic data. These exposures include but are not limited to:
? Unavailability of IT systems and networks
? Physical asset damage and associated loss of use
? Loss or deletion of data
? Data corruption or loss of data integrity
? Data breach leading to compromise of third party confidential/personal data
? Cyber espionage resulting in release of confidential/sensitive information
? Extortion demands to cease a cyber attack
? Direct financial loss due to theft
? Damage to reputation
? Bodily injury/property damage to third parties
Without this insurance, Metro is subject to unlimited liability for claims resulting from a cyber-attack or data breach event.
Background
BACKGROUND
Metro's insurance broker, USI Insurance Services ("USI") was requested to market a cybersecurity liability insurance program to qualified insurance carriers. USI partnered with London broker Howden to develop the program of insurance. As a result, we received a quote from a carrier with A.M. Best ratings indicative of acceptable financial soundness and ability to pay claims. The premium indications below are based on current market expectations. The quoted price expires September 1, 2022.
USI provides a not-to-exceed number that serves three functions. First, the number provides an amount to cover the recommend...
Click here for full text