The K-12 community of public and private schools in the U.S. saw more than 1,600 cybersecurity related incidents between 2016 and 2022. These incidents included unauthorized disclosures, breaches or hacks resulting in the disclosure of personal data, as well as ransomware, phishing and denial-of-service attacks. Other cyber incidents resulting in school disruptions and unauthorized disclosures were also reported.
The recent PowerSchool data breach is one of the latest to affect the community. According to Education Week, on December 28, 2024, PowerSchool’s PowerSource customer support portal was accessed using compromised credentials, exposing the personal information of millions of students and teachers.
While the exact number of affected individuals is still being determined, PowerSchool is in the process of notifying districts affected by the breach. They recently stated that law enforcement has been notified and that they believe the data accessed will not be shared or made public.
Reporting
In events like this, it is important to note that cyber policies vary greatly and may not all apply uniformly (or at all) depending on the paper, form or particular wording of each policy. And while PowerSchool is reportedly working closely with affected districts to ensure the security of their system, there may be potential coverage implications resulting from this incident.
Therefore, it is critical to advise insureds to do the following as soon as possible after an alleged or actual cyber event is discovered.
- Notify the insurer promptly. Many cyber policies have limits on when an incident must be noticed to an insurer (often triggered by the discovery of an incident by an executive or employee). Insurers add these requirements so their position is not prejudiced by latent reporting. With the time-sensitive nature of cyber claims, this point is critical. Even a “Notice of Circumstance” ensures timely reporting in the event of a loss. Additionally, notice to an insurer opens the lines of communication and allows access to response professionals and/or legal professionals to help insureds navigate the situation.
- Engage their broker. If there is a suspected impact to an insured, it is important they:
- Discuss with their broker what may be covered under the policy.
- Notify the carrier according to the guidelines of the policy terms and conditions.
- Work with the breach coach to determine next steps.
- Work with the carrier prior to engaging outside vendors or legal services. Often policies do not respond to costs incurred without consent or prior approval. Transparency and communication with the carrier as the situation unfolds is critical for a successful resolution.
Amwins is here to help
Don’t hesitate to contact your Amwins professional lines broker with any questions or account needs during this time. We will leverage our full arsenal of expertise, market relationships and resources to deliver the best result for you and your clients.
As true cyber insurance specialists, the brokers in Amwins' national professional lines practice group stay vigilant for our clients, and offer the following advantages:
- Adept at navigating policy wording and market trends to secure the right coverage for accounts of all sizes and complexities.
- Exclusive amendatory endorsements with key carrier partners to ensure consistency and quality in our cyber and technology E&O product offerings.
- Proprietary digital quoting platform to streamline the quote process and offer competitive, vetted, and comprehensive quote options on a given risk.
- Exclusive cyber solutions and continually striving to develop innovative products and offerings as the market allows – standard is not our baseline.
Having an experienced wholesale broker on your side to help you navigate a cyber event can lead to a more efficient claims process and lead to a better result for your clients.
