Crime Or Cyber? How To Tell The Difference

Hands typing on a laptop with a digital overlay of a shield and network connections, symbolizing cybersecurity.

January 23, 2021 | CSD Team

Depending on the incident, find out which coverage applies to you.

Cyber-related incidents and risks continue to cause problems for many government entities. Even entities without websites or electronically stored data face some type of cyber exposure, since banking transactions are completed electronically. These exposures can leave organizations more vulnerable than expected.

Best practices for managing your cyber risk include performing a network cybersecurity assessment, implementing procedures for a payment request protocol as well as post-incident recovery, and training employees on emerging cyber threats. However, in the event that these practices fall short, the CSD Pool has several types of coverage to protect you from a loss.

Cyber Coverage Details

Cyber coverage can include protection against both first-party and third-party losses.

Third-party losses are liability claims brought against a district for negligence in maintaining network security which caused a breach of private data or a ransomware attack. First-party losses are the expenses that arise out of a cyber incident and can include:

Ransom demands for the release of data encrypted via malware; coverage is usually excluded if ransomware payments are made to parties in restricted countries included on the Office of Foreign Assets Control (OFAC) sanctions list.
Costs of notification, credit monitoring, call center services, and public relation services arising from the electronic disclosure of confidential information including personally identifiable information (PII) from a network security breach.
Costs of a forensic investigation into cyber incident.
Costs to recreate or restore electronic data to pre-loss conditions after damaged or destroyed by a computer virus, malicious code, or denial of service attack.

Crime Coverage Details

Crime coverage protects against the loss of money and/or securities by a third-party, which can include an electronic loss. The two types of electronic loss included are:

Funds Transfer Fraud: Protection against fraudulent electronic, telephonic, or written instructions to a financial institution directing them to transfer money without the district’s knowledge or consent.
Social Engineering Fraud: Protection against loss from an employee who transfers money to a cybercriminal’s account after being intentionally misled with a request that came from a genuine source such as a vendor, a client, or manager.

Public Officials Liability Coverage Details

Public officials liability coverage protects a district’s board of directors from allegations of a breach of fiduciary duty arising from the failure to oversee cybersecurity practices adequately.

Cyber Coverage Limits:

The CSD Pool’s Public Entity Liability Program includes a $200,000 cyber coverage sublimit, which includes first-party expenses and third-party liability. Members may qualify to increase this sublimit to $1,000,000 at no cost on completing a qualifying cybersecurity assessment. The higher sublimit can continue annually by providing a copy of the board’s agenda and minutes confirming review of the district’s network security and privacy practices by September 30 of each year. For more information, turn to page 24 for more information on cyber assessments.

A coverage extension is also included for public relations expenses up to a $25,000 limit. This will reimburse a district for pre-approved expenses incurred to retain the services of a public relations firm for the purpose of averting or mitigating damages to a district’s reputation caused by a data compromise or cyber extortion event.

Crime Coverage Limits

The CSD Pool’s crime coverage includes Social Engineering Fraud (formerly known as Fraudulent Impersonation) and Funds Transfer Fraud coverage. We offer coverage limits from $5,000 to $5,000,000 with the exception of Social Engineering Fraud, which is available up to $250,000. As a precedent to coverage in 2022 all districts must have a procedure in place regarding the verification of payment requests such as:

A policy to verify the request verbally with the requester of the payment
An authority matrix for dollar amounts of wire transfers/ACH payments that requires co-authorization by one or more employees and a senior staff member depending on the dollar value. For example:

Up to $5,000 can be initiated and authorized by one employee
$5,000 – $20,000 can be initiated by one employee and authorized by another
Over $20,000 can be initiated by an employee, authorized by another and verified by senior staff

A procedure to verify the accuracy of a vendor or customer payment request with one of their representatives directly, independent of email, will be required in 2022 or coverage will not apply

Public Officials

The CSD Pool’s public officials liability, provided under public entity liability, covers allegations relating to the actions or inactions of a district’s board or management. We offer a base limit of $2,000,000 for each occurrence with the option to purchase higher excess limits up to a $10,000,000 maximum. This is a shared limit for all liability coverages provided under the form.

For More Information

These programs protect our members from risks associated with conducting business in today’s world.

If you would like more information regarding your excess liability limits, or if you want to determine if your fraud and embezzlement limits are high enough, reach out to us at pc@csdpool.org.

Website Accessibility Statement

Colorado Special Districts Property and Liability Pool (the "District") is committed to ensuring that its services are accessible to all members of the public. As part of this commitment, the District strives to provide an accessible website compatible with the Web Content Accessibility Guidelines (WCAG) version 2.1, AA, and commercial screen reading software. Features of the website are created to allow individuals with vision and other impairments to understand and use the website to the same degree as someone without disabilities.

If you need any special assistance or accommodations:

Contact our compliance support team via telephone at: (888) 765-1970

Ongoing Compliance Information

Compliance Coordinator

The District has designated a Compliance Coordinator for website disability-related accommodations. The Compliance Coordinator has received training in website accessibility and updates the site in accordance with those best practices and requirements.

Compliance Procedures

The District is working to ensure all website content complies with the Americans with Disabilities Act and controlling State laws. In an ongoing effort to continually improve and remediate accessibility issues, the website is regularly scanned to ensure ongoing compliance, and timely changes are made to any inaccessible content if found.

Accessible Documents Policy

The District is committed to providing all documents hosted on the website in an accessible format or making accessible alternatives available.

Linked Documents and Third Parties

Please note that this site may link out to third-party websites that do not have accessible content. This site may also include documents provided by third parties. While we cannot control the accessibility of content provided by third parties, we are happy to assist any member of the public with reading and accessing content on our site.

Report a Website Accessibility Issue

We are committed to your ability to access all content, and we will respond to all requests in a timely manner. If you need assistance or accommodations while accessing content on this website, please contact our Compliance Coordinator via the form below: