The BBR Services team will continue to collaborate with you throughout the investigation and response process, to provide guidance and to arrange breach investigation and response services provided by Beazley’s network of expert service providers.
Legal services
If an incident occurs that might require notification under relevant breach notice laws or regulations, specific Legal Services to assist you in investigating and responding to the incident are included.
BBR Services will arrange Legal Services for you and will connect you to these experts; please do not contact Beazley’s partnering law firms directly without the involvement of BBR Services.
A cyber incident may result in legal and regulatory consequences for your organisation. Personal data breaches may require notification to regulators or to individuals under relevant privacy laws or regulations. Depending on your industry, you may have additional regulatory notification requirements. Our panel of specialist privacy laws can assist you to assess the nature and scope of the incident, and advise on your legal and regulatory obligations in the relevant territories.
BBR Services will arrange these legal services for you and will connect you to these experts; please do not contact Beazley’s partnering law firms directly without the involvement of BBR Services
Computer expert services
In the event that external forensics assistance is needed to assess the impact of a data incident on your computer system, Computer Expert Services will be provided to (1) help to determine whether, and the extent to which, notification must be provided to comply with Breach Notice Laws, and (2) if applicable, give advice and oversight in connection with the investigation conducted by a PCI Forensic Investigator.
The computer security expert that provides Computer Expert Services will require access to information, files and systems and it is important for you to comply with the expert’s requests and cooperate with the investigation. Reports or findings of the expert will be made available to you, us, the BBR Services team and any attorney that you retain to provide advice with regard to the incident.
BBR Services will arrange Computer Expert Services for you and will connect you to these experts; please do not contact Beazley’s partnering forensics firms directly without the involvement of BBR Services.
Sometimes, external forensic experts are needed to assess the impact of a cyber incident on your computer systems. BBR Services work with a range of experts on a daily basis and we can use our experience to assess which expert is best placed to assist you.
These services will be provided under the terms of your policy to (1) help to determine whether, and the extent to which, notification must be provided to comply with Privacy Laws, and (2) if applicable, give advice and oversight in connection with the investigation conducted by a PCI Forensic Investigator.
The computer security expert will require access to information, files and systems to be able to carry out the investigation. BBR Services can guide you through requests from the expert. Reports or findings of the expert will be made available to you, us, the BBR Services team and any privacy lawyer that you retain to provide advice with regard to the incident.
BBR Services will arrange these services for you and will connect you to the relevant experts; please do not contact Beazley's partnering forensics firms directly without the involvement of BBR Services.
Notification and call centre services
BBR Services will assist you with the notification process, including arranging for notification and/or call centre service. BBR Services will walk you through notification details such as how to work with privacy counsel to develop notification letters and how to timely provide notification letters, relevant addresses and other required deliverables to the notification vendor.
Notification letters will be black and white and two-sided; returned mail will be provided to you at your request. Mailing may be staggered to accommodate the number of notifications and anticipated call centre volume. Notification services do not include further tracing of individuals whose notifications are returned.
Where it is necessary to notify affected individuals of the incident, BBR Services will assist you with the notification process. We will help you to work with privacy counsel to draft notification letters or emails, and walk you through how to work with the notification vendor to provide them with relevant contact details and other required information.
Where you intend to notify affected individuals, BBR Services can help you to set up an external call-centre to deal with queries from the public. We will also walk you through developing a set of frequently asked questions (FAQs) for use by the call centre and how to anticipate and prepare for call escalations.
Where there is a risk to your organisation's reputation and/or the incident is likely to attract media attention, it is advisable to seek support from crisis communications agencies to ensure the message is consistent across all forms of media. BBR Services can assist you to contact these experts where necessary.
Breach resolution and mitigation services
Beazley Breach Response includes a number of products that provide Resolution and Mitigation Services, including one and three bureau monitoring and identity monitoring solutions. All the solutions include Identity Restoration services.* Based on our experience, three bureau credit monitoring is generally appropriate for breaches involving data such as names combined with social security numbers. For breaches involving less sensitive data, one bureau credit monitoring or identity monitoring solutions may be appropriate. The BBR Services team has handled thousands of breaches and will advise you on which products or solutions may be applicable for a particular breach event.
A product or solution may be offered where reasonably practicable and only to the extent available in a particular jurisdiction. Notified Individuals will have up to ninety (90) days from mailing of the notification to subscribe to an offered product or solution and they must qualify for enrolment, complete the enrolment process and agree to the applicable terms and conditions set by the provider. Enrolees of an offered product or solution will have access to the services provided under such product or solution for 12 months from the date of their enrolment.
* Subscribers will automatically receive access to Identity Restoration services from the date of the notification letter through the full duration of the product term, even if consumers don’t enrol in the product. If they do enrol in an IdentityWorks product, identity restoration is extended through the full duration of the product term as well. Product enrolments must occur prior to the Enrolment End Date indicated on the order form.
Beazley Breach Response includes a number of products that provide Resolution and Mitigation Services, including credit and identity monitoring solutions. The BBR Services team has handled thousands of data breaches and will advise you on which products or solutions may be applicable for a particular breach event.
A product or solution may be offered where reasonably practicable and only to the extent available in a particular jurisdiction. Notified Individuals will typically have up to ninety (90) days from mailing of the notification to subscribe to an offered product or solution and they must qualify for enrolment, complete the enrolment process and agree to the applicable terms and conditions set by the provider. Enrolees of an offered product or solution will typically have access to the services provided under such product or solution for 12 months from the date of their enrolment.
Additional information on products and offerings
Descriptions of each of the credit or identity monitoring products and solutions are provided by ConsumerInfo.com, Inc. and are for informational purposes only and are not part of the Policy. The actual services available with each product or solution are governed by the terms and conditions of the applicable agreements that you must enter into prior to the product or solution being offered to Notified Individuals. Further information about the ConsumerInfo.com products can be obtained at the telephone numbers indicated in the applicable description. You may also contact us through your insurance broker to receive additional information about the Services.
Your responsibilities
To ensure that the Services described above are provided promptly and properly, you must follow the requirements and procedures set forth in the Policy and in this Information Packet. We require your assistance and cooperation with us and with any third party vendors providing Services. Please respond to BBR Services or outside vendor requests and inquiries in a timely manner and enter into necessary contracts required by our vendors for the provision of services. You will be responsible for paying any costs resulting from your failure to timely provide responses, accurate information or approvals necessary for the provision of the Services. There is no coverage under the Policy for any of your internal salary or overhead expenses or for your assistance and cooperation in responding to a breach incident. In the event of a breach incident or suspected incident, do not contact any service providers directly. Instead, you must first provide notice to us by sending us an email or by filling out the breach notification form.
Contacting any of the service providers listed in this Information Packet shall not constitute notice under the terms of the Policy.
As used in this Information Packet, the terms “we” or “us” or have the same meaning as the term “Underwriters” in the Policy and “you” has the same meaning as the “Insured Organisation” in the Policy. Capitalised terms not defined in this Information Packet have the same meaning as set forth in the Policy.