Search for insurance help

Cyber Insurance - What is it?

Cyber Insurance is one of the newest forms of insurance coverage.

Today, information constitutes a significant portion of company assets and intellectual property which is all predominantly stored electronically and shared over networks. What would happen if these vital corporate assets were stolen, disclosed, lost, destroyed, or corrupted?

Cyber-crimes include cyber-stalking, industrial espionage and information theft, fraud, extortion, identity theft, phishing scams and cyber terrorism. Cyber criminals use malware and viruses, computer and network hacking, denial of service attacks and fraudulent online scams to perpetrate their crimes. They find it relatively easy to access computers and networks inadequately protected by virus software, passwords or laxed corporate governance and staff awareness. Cyber Criminals will also directly steal laptops, computers and mobile devices and take advantage of computers that are left unattended.

A Cyber Insurance product is used to protect business and individual users for related risk arising from data and the internet and more generally risks relating to information technology infrastructure and activities.

These risks are typically excluded, or at least not well-defined cover being provided by traditional insurance policies such as:
  1. Public & Products Liability (General Liability)
  2. Directors & Officers Liability (Management Liability)
  3. Professional Indemnity
  4. Information Technology Liability

Coverage provided by Cyber Insurance policies vary greatly from insurer to insurer, but generally the main areas of cover the policy seeks to cover are:
1. First party coverage against losses resulting from:
  • Data destruction
  • Extortion
  • Theft / Crime resulting from internet / network based fraud
  • Hacking
  • Denial of service attacks
  • IT Forensic costs
  • Credit Monitoring Costs
  • Public Relations Costs
  • Other systems interruption issues as defined by the policy
  • Business Interruption consequence of a cyber incident 

2. Liability coverage for losses caused to others, for example:
  • Failure to safeguard data and privacy breaches
  • From failure to keep data secure, including claims for compensation,
  • Investigations, payment of fines and penalties.
  • Defence costs and legal representation expenses.
 
Claims Scenarios
Perhaps the easiest way to demonstrate the benefits of Cyber Insurance is by the following claims scenarios:

  Profile  Background  Outcome Travel agency  The Insured experienced three separate data breaches over a three-year period in which hackers gained access to the Company's computer system. Over 250,000 individuals credit card information and passport details were compromised 

Agile CyberCare covers small businesses against cyber threats and data breaches, including 24/7 emergency response for incidents.

Cyber Liability Insurance is designed to help protect you from claims and support your profitability in the event of a cyber breach or attack.

Agile CyberSelect is aimed at mid-market to corporate clients and is a comprehensive Cyber Insurance policy with 16 policy benefits and 24/7 incident response.

The Insured experienced three separate data breaches over a three-year period in which hackers gained access to the Company's computer system. Over 250,000 individuals credit card information and passport details were compromised  $1,750,000 paid for the forensic and legal costs in defending the investigation brought by the regulator and the cost of notifying the affected individuals including providing credit monitoring services

  Charity  The Insured was targeted with a denial of service attack (floods a targeted system with incoming web traffic until it is virtually crippled) in the last few days of a fundraising campaign. People were unable to make donations for a day while the website was being fixed.  $1,500,000 paid for the lost donations and rectifying the damage to the Insureds website 
  Online Retailer  The Insured website was defaced and included a link to a competing retailer  website when hackers gained access to personal information of their customers and overtook their website.  $800,000 was paid for loss of income, cost to repair the website as a result of the hack, defence costs for regulatory actions by the Privacy Commissioner, and costs of notifying the affected individuals including providing credit monitoring services.
  Law firm  The Insured server and client records were locked by Ransomware software. The Insured was only able to get the files released after paying a ransom of $50,000 to hackers.  $150,000 paid for the loss of income, the ransom demand including consultants costs to advise on handling and negotiation of the ransom, and costs to restore the network as the hackers refused to release the files despite ransom payment.

  Accountant  The Insured used a third party cloud based software provider to hold confidential client information. The cloud provider advised the Insured that their account had been accessed by an unauthorised identity who had deleted data relating to 5,000 clients. As a result of the hack, the client was unable to operate as usual due to the missing data and limited access to their software.  IT Forensic Consultants to assist the client in investigating whether their systems had also been compromised. As the incident occurred prior to the new privacy regime taking effect, the Insured did not have to report the privacy breach, however in order to be transparent with the Commissioner and its clients, the Insured advised the Privacy Commissioner of the potential breach. The Insured was able to claim for business interruption costs, forensics and legal costs. Payment: $124,000.
 
Tips For Preventing Cyber Attacks
Covid has caused headaches for IT teams and cyber security teams everywhere. The issues are two-fold. Firstly, there are simply more attack vectors with so many people working from remote locations which may be unprotected or un-monitored, or attached to insecure networks. Secondly, cyber criminals have really ramped up their game as a result there has been a large spike in cyber activity since Covid.

Passwords, email, social networking and out-of-date software all provide opportunities for cybercriminals.

To prevent attacks:
  1. Protect your computer with both a firewall and an anti-virus program. Keep your anti-virus program up-to-date and remember to renew your annual subscription.
  2. Ensure your network is patched for latest security updates.
  3. Back-up all important data. Viruses and malware can destroy vital information.
  4. Create a password of more than six characters with a combination of letters and numbers. Do not save the password on your computer or share it with others and change it regularly.
  5. Email is the most likely route for viruses and hackers. Do not open any email attachments from people you do not know.
  6. Use the privacy settings on social networking sites to prevent malicious access to your personal information.
  7. Use two factor identification
  8. Conduct regular staff cyber awareness training
 
Why is Cyber Insurance important for all businesses to consider?
Cyber Insurance is no different to any other form of insurance, in that it will protect you from considerable financial harm if the worst were to happen. Even with the best mitigation and cyber protections in place, every business is still a target.

Insurers also offer some good features with their policies where they provide full support and advice to help you stop the issue happening and get back on your feet as quickly as possible. Sometimes, when a business is hacked, it is s hard to even know where they got in, or how. Insurers have experts they can call on to assist in a time of crisis which would otherwise be very expensive to procure on your own.

Everest Risk Group are specialist cyber insurance brokers and advisers and please contact us should you require any further information for your specific circumstances.
 
General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.


Anthony Anastasio, Everest Risk Group Pty Ltd, ABN 97 106 984 623, AFSL 240549

This article originally appeared on Everest Risk Group's Latest News and has been published here with permission.

Comments (0)

Related insurance brokers

Review rating
27 reviews

Featured Featured

Abbie Wilson

National Insurance Brokers

  • Typically replies within
    a few hours
  • Review rating
    26 reviews

    Featured Featured

    Tony Venning

    Crucial Insurance and Risk Advisors

  • Typically replies within
    a few hours
  • Review rating
    16 reviews

    Featured Featured

    Shane Brady

    Stone Lane Broking & Risk Advisory

  • Typically replies within
    a few minutes