View Cyber Liability Insurance
Cyber Liability Insurance
Many Hudson clients have inquired about Hudson and cyber liability insurance and whether they and their card-holder clients are covered by any Hudson liability policy that may be in place. Please review our position below for those who have this question or concern.
The Hudson Group has thoroughly researched offering Tech Carrier Cyber Liability and / or Data Breach Coverage to our clients. After a review by our agent, they determined that technically, Hudson is not the “owner” of either the business transaction or the request for service. Hudson is essentially only the conduit for the transactions. Therefore any insurance Hudson has in place does not cover our clients in the manner they may be looking for.
In our capacity, The Hudson Group has invested and continues to invest significant resources in order to protect both our clients and ourselves and to provide a significant level of data security. Hudson monitors continuously its hosted network for any suspicious or troubling network activity. Hudson also spent several years pursuing and achieving a PCI Security Standards Council PA-DSS validation of acceptance on the HGTS core application suite. This validation ensures that all sensitive client and card holder data is encrypted to the highest PCI standards and would not be decipherable should a breach due to internal or external attack ever occur. The Hudson Group is the only technology provider to the ground transportation industry currently listed on the PCI website to achieve this PA-DSS acceptance for new system deployments.
It is commendable and responsible that all or clients are seeking to protect their card holders information and reduce any exposure. According to the information security manager at Hudson who oversees the PA-DSS validation process and all the updates to the PCI standards, all Hudson clients should consider working internally to achieve PCI compliance for their businesses if they haven’t already. This is also most likely a requirement of their credit card processor and / or bank. He adds that achieving PCI compliance is the single strongest step a company can take to ensure that their office infrastructure and all staff in their office are following best practice to maintain the highest levels of data security and to prevent loss of data via internal and/or external threats. Hudson produced a Client Implementation Guide which covers the proper way to use the HGTS system so that maximum security can be achieved. A copy of this guide can be obtained here: File:Hudson PA-DSS Implementation Guide.pdf. At the time of this article (Spring 2017), Hudson is working at updating and revalidating HGTS v1.94 against the latest PCI PA-DSS Standard (v3.2). This new validation will cover HGTS when run on newer versions of the Microsoft Operating System and will include new security features including: 256 bit database encryption, multi-factor authentication and additional security logging. An updated version of the Implementation Guide above will also be released once approved by the PCI Council.
Hudson further suggests that clients reach out to their current insurance provider to see if additional coverage for data breach, which can happen at the office level, is available as additional coverage on their general business liability policy.
Additional articles by Hudson, pertaining to security and the PA-DSS validation obtained can be found at: Hudson KnowledgeBase