Cyber Insurance - What is it?
Cyber Insurance is one of the newest forms of insurance coverage.
Today, information constitutes a significant portion of company assets and intellectual property which is all predominantly stored electronically and shared over networks. What would happen if these vital corporate assets were stolen, disclosed, lost, destroyed, or corrupted?
Cyber-crimes include cyber-stalking, industrial espionage and information theft, fraud, extortion, identity theft, phishing scams and cyber terrorism. Cyber criminals use malware and viruses, computer and network hacking, denial of service attacks and fraudulent online scams to perpetrate their crimes. They find it relatively easy to access computers and networks inadequately protected by virus software, passwords or laxed corporate governance and staff awareness. Cyber Criminals will also directly steal laptops, computers and mobile devices and take advantage of computers that are left unattended.
A Cyber Insurance product is used to protect business and individual users for related risk arising from data and the internet and more generally risks relating to information technology infrastructure and activities.
These risks are typically excluded, or at least not well-defined cover being provided by traditional insurance policies such as:
- Public & Products Liability (General Liability)
- Directors & Officers Liability (Management Liability)
- Professional Indemnity
- Information Technology Liability
Coverage provided by Cyber Insurance policies vary greatly from insurer to insurer, but generally the main areas of cover the policy seeks to cover are:
1. First party coverage against losses resulting from:
- Data destruction
- Theft / Crime resulting from internet / network based fraud
- Denial of service attacks
- IT Forensic costs
- Credit Monitoring Costs
- Public Relations Costs
- Other systems interruption issues as defined by the policy
- Business Interruption consequence of a cyber incident
2. Liability coverage for losses caused to others, for example:
- Failure to safeguard data and privacy breaches
- From failure to keep data secure, including claims for compensation,
- Investigations, payment of fines and penalties.
- Defence costs and legal representation expenses.
Perhaps the easiest way to demonstrate the benefits of Cyber Insurance is by the following claims scenarios:
|Travel agency||The Insured experienced three separate data breaches over a three-year period in which hackers gained access to the Company's computer system. Over 250,000 individuals credit card information and passport details were compromised||$1,750,000 paid for the forensic and legal costs in defending the investigation brought by the regulator and the cost of notifying the affected individuals including providing credit monitoring services|
|Charity||The Insured was targeted with a denial of service attack (floods a targeted system with incoming web traffic until it is virtually crippled) in the last few days of a fundraising campaign. People were unable to make donations for a day while the website was being fixed.||$1,500,000 paid for the lost donations and rectifying the damage to the Insureds website|
|Online Retailer||The Insured website was defaced and included a link to a competing retailer website when hackers gained access to personal information of their customers and overtook their website.||$800,000 was paid for loss of income, cost to repair the website as a result of the hack, defence costs for regulatory actions by the Privacy Commissioner, and costs of notifying the affected individuals including providing credit monitoring services.|
|Law firm||The Insured server and client records were locked by Ransomware software. The Insured was only able to get the files released after paying a ransom of $50,000 to hackers.||$150,000 paid for the loss of income, the ransom demand including consultants costs to advise on handling and negotiation of the ransom, and costs to restore the network as the hackers refused to release the files despite ransom payment.|
|Accountant||The Insured used a third party cloud based software provider to hold confidential client information. The cloud provider advised the Insured that their account had been accessed by an unauthorised identity who had deleted data relating to 5,000 clients. As a result of the hack, the client was unable to operate as usual due to the missing data and limited access to their software.||IT Forensic Consultants to assist the client in investigating whether their systems had also been compromised. As the incident occurred prior to the new privacy regime taking effect, the Insured did not have to report the privacy breach, however in order to be transparent with the Commissioner and its clients, the Insured advised the Privacy Commissioner of the potential breach. The Insured was able to claim for business interruption costs, forensics and legal costs. Payment: $124,000.|
Tips For Preventing Cyber Attacks
Covid has caused headaches for IT teams and cyber security teams everywhere. The issues are two-fold. Firstly, there are simply more attack vectors with so many people working from remote locations which may be unprotected or un-monitored, or attached to insecure networks. Secondly, cyber criminals have really ramped up their game as a result there has been a large spike in cyber activity since Covid.
Passwords, email, social networking and out-of-date software all provide opportunities for cybercriminals.
To prevent attacks:
- Protect your computer with both a firewall and an anti-virus program. Keep your anti-virus program up-to-date and remember to renew your annual subscription.
- Ensure your network is patched for latest security updates.
- Back-up all important data. Viruses and malware can destroy vital information.
- Create a password of more than six characters with a combination of letters and numbers. Do not save the password on your computer or share it with others and change it regularly.
- Email is the most likely route for viruses and hackers. Do not open any email attachments from people you do not know.
- Use the privacy settings on social networking sites to prevent malicious access to your personal information.
- Use two factor identification
- Conduct regular staff cyber awareness training
Why is Cyber Insurance important for all businesses to consider?
Cyber Insurance is no different to any other form of insurance, in that it will protect you from considerable financial harm if the worst were to happen. Even with the best mitigation and cyber protections in place, every business is still a target.
Insurers also offer some good features with their policies where they provide full support and advice to help you stop the issue happening and get back on your feet as quickly as possible. Sometimes, when a business is hacked, it is s hard to even know where they got in, or how. Insurers have experts they can call on to assist in a time of crisis which would otherwise be very expensive to procure on your own.
Everest Risk Group are specialist cyber insurance brokers and advisers and please contact us should you require any further information for your specific circumstances.
This article originally appeared on Everest Risk Group's Latest News and has been published here with permission.