Cyber Insurance - What is it?

Cyber Insurance is one of the newest forms of insurance coverage.

Today, information constitutes a significant portion of company assets and intellectual property which is all predominantly stored electronically and shared over networks. What would happen if these vital corporate assets were stolen, disclosed, lost, destroyed, or corrupted?

Cyber-crimes include cyber-stalking, industrial espionage and information theft, fraud, extortion, identity theft, phishing scams and cyber terrorism. Cyber criminals use malware and viruses, computer and network hacking, denial of service attacks and fraudulent online scams to perpetrate their crimes. They find it relatively easy to access computers and networks inadequately protected by virus software, passwords or laxed corporate governance and staff awareness. Cyber Criminals will also directly steal laptops, computers and mobile devices and take advantage of computers that are left unattended.

A Cyber Insurance product is used to protect business and individual users for related risk arising from data and the internet and more generally risks relating to information technology infrastructure and activities.

These risks are typically excluded, or at least not well-defined cover being provided by traditional insurance policies such as:

Coverage provided by Cyber Insurance policies vary greatly from insurer to insurer, but generally the main areas of cover the policy seeks to cover are:

1. First party coverage against losses resulting from:

2. Liability coverage for losses caused to others, for example:

Perhaps the easiest way to demonstrate the benefits of Cyber Insurance is by the following claims scenarios:

  Profile  Background  Outcome Travel agency  The Insured experienced three separate data breaches over a three-year period in which hackers gained access to the Company's computer system. Over 250,000 individuals credit card information and passport details were compromised  The Insured experienced three separate data breaches over a three-year period in which hackers gained access to the Company's computer system. Over 250,000 individuals credit card information and passport details were compromised  $1,750,000 paid for the forensic and legal costs in defending the investigation brought by the regulator and the cost of notifying the affected individuals including providing credit monitoring services

  Charity  The Insured was targeted with a denial of service attack (floods a targeted system with incoming web traffic until it is virtually crippled) in the last few days of a fundraising campaign. People were unable to make donations for a day while the website was being fixed.  $1,500,000 paid for the lost donations and rectifying the damage to the Insureds website 
  Online Retailer  The Insured website was defaced and included a link to a competing retailer  website when hackers gained access to personal information of their customers and overtook their website.  $800,000 was paid for loss of income, cost to repair the website as a result of the hack, defence costs for regulatory actions by the Privacy Commissioner, and costs of notifying the affected individuals including providing credit monitoring services.
  Law firm  The Insured server and client records were locked by Ransomware software. The Insured was only able to get the files released after paying a ransom of $50,000 to hackers.  $150,000 paid for the loss of income, the ransom demand including consultants costs to advise on handling and negotiation of the ransom, and costs to restore the network as the hackers refused to release the files despite ransom payment.

  Accountant  The Insured used a third party cloud based software provider to hold confidential client information. The cloud provider advised the Insured that their account had been accessed by an unauthorised identity who had deleted data relating to 5,000 clients. As a result of the hack, the client was unable to operate as usual due to the missing data and limited access to their software.  IT Forensic Consultants to assist the client in investigating whether their systems had also been compromised. As the incident occurred prior to the new privacy regime taking effect, the Insured did not have to report the privacy breach, however in order to be transparent with the Commissioner and its clients, the Insured advised the Privacy Commissioner of the potential breach. The Insured was able to claim for business interruption costs, forensics and legal costs. Payment: $124,000.

 

Covid has caused headaches for IT teams and cyber security teams everywhere. The issues are two-fold. Firstly, there are simply more attack vectors with so many people working from remote locations which may be unprotected or un-monitored, or attached to insecure networks. Secondly, cyber criminals have really ramped up their game as a result there has been a large spike in cyber activity since Covid.

Passwords, email, social networking and out-of-date software all provide opportunities for cybercriminals.

 

Cyber Insurance is no different to any other form of insurance, in that it will protect you from considerable financial harm if the worst were to happen. Even with the best mitigation and cyber protections in place, every business is still a target.

Insurers also offer some good features with their policies where they provide full support and advice to help you stop the issue happening and get back on your feet as quickly as possible. Sometimes, when a business is hacked, it is s hard to even know where they got in, or how. Insurers have experts they can call on to assist in a time of crisis which would otherwise be very expensive to procure on your own.

Everest Risk Group are specialist cyber insurance brokers and advisers and please contact us should you require any further information for your specific circumstances.