The policy covers the expenses a firm would incur “as they go through managing an information breach,” says Callahan. Crisis management coverage includes reimbursement for legal or public relations advice, the cost of notification of clients, and the expense of credit monitoring or other mitigation offered to clients. The policy also covers access to an ID theft specialist, reimbursement for outside legal assistance–such as might be needed in a regulatory investigation–and also liability and damages in a civil suit.
Callahan says AIG designed the policy to be comprehensive. “What would an advisor face if they had a breach?” she asks. “We wanted to give them the resources to handle the event and extreme results.” While there are a few exceptions to covered circumstances (an intentional act on the part of a principal of the company, for instance, or fraud by an officer of the company), the coverage is “broad and responds to as many kinds of information breaches as are out there.”