This will help ensure that you are not jeopardizing coverage for any costs associated with the incident and that you are engaging experts vetted by your carrier. If there is a breach of sensitive information, you will be guided through the process by a NAS claims staff member, who will be assigned to you throughout the entire process. The NAS Claims Department works with experienced counsel and vendors and will guide you through the process.
Refer to the following for guidance reporting the incident to your carrier and responding to a security incident or data breach.
The following steps should be followed in the case of an actual or potential information security breach including: (a) all losses or disclosures of confidential or sensitive information; (b) all information security violations and problems; (c) all suspected information security problems, vulnerabilities, and incidents; or (d) any damage to or loss of company computer hardware, software, or information that has been entrusted to the organization’s care.
Step 1. Contact NAS Immediately
Step 2. Do not turn off or reboot any systems. Record critical facts regarding the incident (date and time when the incident was discovered, who discovered the incident, what occurred, what systems and information were potentially compromised).
Step 3. Secure the scene to preserve evidence. Do not allow anyone to take any action on affected systems.
Promptly notify NAS and identify resources available under your policy (e.g. legal, forensics, crisis management, and response vendors) to save time and costs.
Restrict communications and use caution when discussing the incident. Limit discussions to a need-to-know basis, with communications taking place over the phone or face-to-face rather than email. And, avoid using the term “breach” which can trigger legal obligations. Instead, call the event a “security incident” or simply what it is, i.e. “a lost laptop.”
Important Information re: Legal Counsel: The insurance company will assign legal counsel to assist the insured (A) in the event of a covered claim, or (B) otherwise, if it determines that assigning legal counsel is appropriate. If you retain your own legal counsel without the consent and approval of the insurance company, your company (the insured) will be solely responsible for the legal fees and other costs associated with such engagement.
To report a suspected data breach, please contact NAS Insurance Company, LLC by phone or e-mail and advise you are a Lawyers’ Mutual Insurance Company member.
NOTE: Failure to report a breach immediately may impact your rights to coverage.