Metro - File #: 2022-0454

File #:

2022-0454

Type:

Program

Status:

Passed

File created:

7/1/2022

In control:

Board of Directors - Regular Board Meeting

On agenda:

8/25/2022

Final action:

8/25/2022

Title:

AUTHORIZE the Chief Executive Officer to negotiate and purchase a cybersecurity liability insurance policy with up to $50 million in limits at a cost not to exceed $2.8 million for the 12-month period effective September 1, 2022 to September 1, 2023.

Sponsors:

Finance, Budget and Audit Committee

Indexes:

Budget, Budgeting, Expo Line Operating Project (Project), General Overhead (Project), Gold Line Operations (Project), Insurance, Los Angeles Union Station, Maintenance practices, Metro Rail A Line, Metro Rail B Line, Metro Rail C Line, Metro Rail E Line, Metro Rail L Line, Operations and Maintenance, Operations Maintenance (Project), Operations Transportation (Project), Owned Property (Project), Policy, Program, Project management, Purchasing, Rail Operations - Blue Line (Project), Rail Operations - Green Line (Project), Rail Operations - Red Line (Project), Rail Operations Control Center, Station operations, Supervisory Control And Data Acquisition, Union Station Property Management (Project)

Attachments:

1. Attachment A - Options and Premiums, 2. Attachment B - Coverage Description

Related files:

2022-0653

Date	Action By	Action	Result	Action Details	Meeting Details	Audio
8/25/2022	Board of Directors - Regular Board Meeting			Not available	Meeting details	Not available

Meeting_Body
FINANCE, BUDGET AND AUDIT COMMITTEE
AUGUST 17, 2022

Subject
SUBJECT: CYBERSECURITY LIABILITY INSURANCE PROGRAM

Action
ACTION: APPROVE RECOMMENDATION

Heading
RECOMMENDATION

Title
AUTHORIZE the Chief Executive Officer to negotiate and purchase a cybersecurity liability insurance policy with up to $50 million in limits at a cost not to exceed $2.8 million for the 12-month period effective September 1, 2022 to September 1, 2023.

Issue
ISSUE

To date, Metro has not purchased an insurance policy to cover our cybersecurity liability exposures. Cybersecurity is the practice of being protected against criminal or unauthorized use of systems and electronic data. These exposures include but are not limited to:

? Unavailability of IT systems and networks
? Physical asset damage and associated loss of use
? Loss or deletion of data
? Data corruption or loss of data integrity
? Data breach leading to compromise of third party confidential/personal data
? Cyber espionage resulting in release of confidential/sensitive information
? Extortion demands to cease a cyber attack
? Direct financial loss due to theft
? Damage to reputation
? Bodily injury/property damage to third parties

Without this insurance, Metro is subject to unlimited liability for claims resulting from a cyber-attack or data breach event.

Background
BACKGROUND

Metro's insurance broker, USI Insurance Services ("USI") was requested to market a cybersecurity liability insurance program to qualified insurance carriers. USI partnered with London broker Howden to develop the program of insurance. As a result, we received a quote from a carrier with A.M. Best ratings indicative of acceptable financial soundness and ability to pay claims. The premium indications below are based on current market expectations. The quoted price expires September 1, 2022.

USI provides a not-to-exceed number that serves three functions. First, the number provides an amount to cover the recommend...

Click here for full text

Board Report