A Guide to Cyber Insurance: Protecting Your Online Presence
Cyber Insurance or Cyber Liability Insurance, is an insurance policy designed to protect your business from a Cyber Attack or Cyber Breach. Cyber related incidents are increasing each year, particularly as technology evolves and various products and services are transferred to electronic platforms.
Cyber Insurance is a relatively new product (compared to others) and is still not considered anywhere near as much as what it should be. Many businesses see Cyber Insurance as an “additional expense” or “unlikely occurrence”, however the reality is that a Cyber Attack could happen to anyone. 34% of Data Breaches that occurred were from Human Error. Cyber Training and Cyber Security Training has never been more important in any workforce.
Some of the highly targeted industries include Health Service Providers, Finance, Legal, Accounting, Management Services, Education and Retail. The key similarity between these businesses being that they store personally identifiable and highly confidential information.
In February 2018, the Mandatory Breach Notification Legislation was enacted. This enforced businesses who bear certain exposures to hold a higher level of responsibility to the privacy of their client’s data. For businesses that fit the criteria of this legislation, there is now an increased risk for notification expenses and penalties imposed.
Cyber Insurance is not just for businesses, there are now products available on the market which are designed to protect homeowners and their personal computer network. As unlikely as it seems, being held to ransom or losing all of your personal information is never easy to overcome.
What to look for in Cyber Insurance coverage
What we have identified is that most Cyber Insurers are developing Cyber Products and producing terms based on asking limited questions. Whilst this is convenient, we recommend providers who ask detailed and in-depth questions about your Computer Network and Computer Operating Procedures. This process allows businesses to work closely with their I.T Managers and further improve their risk mitigation by understanding what Cyber Security measures insurance companies want to see implemented.
In addition to the underwriting process, it is also important to understand the insurer’s panel of suppliers (forensics, Legal, PR etc.) and their incident management process. Some insurers use apps which immediately initiate forensic support, others have 24/7/365 hotlines that respond in a similar manner.
In terms of coverage, please see below “What does Cyber Insurance cover?”.
Do I need Cyber Security Insurance?
The simple answer is yes, anyone who owns a Computer Network should consider Cyber Liability Insurance. The reality is, different businesses and individuals will hold different exposures, so who should consider Cyber Insurance as a priority?
Cyber Insurance is commonly considered by businesses that:
1. Rely on their Computer Network to produce work
2. Earn an income from their Computer Network / Website
3. Store Personally Identifiable Information
4. Businesses that turnover more than $3,000,000
5. Businesses with employees (particularly 5+)
Outside of these parameters, businesses will consider Cyber for the peace of mind, knowing they have the support of an insurance company and specialist forensics. The inconvenience of an attack is often greater than the affordable of a Cyber Insurance policy.
What does Cyber Insurance cover?
Cyber Insurance policies are quite similar across the market, but do vary between each provider. Most policies these days are written on a First Party and Third Party Basis, with the intention of providing coverage for both the insured and their liability to customers and suppliers.
When purchasing Cyber Insurance, it is important to understand each product offering, as different businesses and industries will be subject to different risks.
Some Key Cyber Insurance covers to look for in your proposal are:
First Party Losses
Losses to your business including Business Interruption Cover
Third Party Losses
Losses such as Legal Expenses, Defence Costs, Civil Fines & Penalties, Damages, Mandatory Notices
Cyber Even Response Costs
Extortion / Ransomware Costs, Data Restoration, Identity Theft Response Costs, Notification Costs, Public Relations Costs, Pursuit Costs, Virus Extraction Costs
- Contingent Business Interruption (Business Interruption resulting from a Cyber Attack / Breach to a Supplier) – Check if the Policy Wording extends to all suppliers or only technology suppliers.
- Criminal Financial Loss – Losses arising from Cyber Theft, Socially Engineered Theft, Identity-Based Theft, Telephone Phreaking and Crypto jacking.
- Tangible Property – Losses to I.T Hardware resulting from a Cyber Breach / Attack. Most Property Insurance policies will have Cyber Exclusions for this type of incident.
What doesn’t Cyber Insurance Cover?
Just like any other insurance policy, there are certain events an insurance company does not want to provide cover for, either wholly or partly. These events are often listed on the insurer’s policy schedule, or within the policy wording (Exclusions or General Exclusions). Most insurers exclude similar things, however there is always going to be differences and items to consider. One wording might suit one business but not another, it comes down to what is going to be the most appropriate option for that particular business. Some examples of exclusions you may see in a policy wording include:
1. Death or Bodily Injury (in some cases not Mental Injury)
2. Losses outside a policy period
3. Act of terrorism
4. Losses in connection with products, hardware, SaaS, PaaS, IaaS or IT Infrastructure you sell, lease, license or provide for a fee.
5. Defective equipment or insufficient capacity of your IT infrastructure
6. Losses caused by the outage of a utility provider
7. Intentional, criminal or fraudulent acts
We recommend seeking advice from an Insurance Advisor, particular one who is experienced with a Cyber Liability policy and can assist with the explanation of policy coverage options and exclusions.
How can Hunter Broking Group assist with Cyber Insurance?
Cyber Insurance is a product we have been fortunate enough to manage on a regular basis. Hunter Broking Group look after a large number of Accountants, Mortgage Brokers, Finance Brokers, Real Estate Agents and I.T / Telecommunication businesses, all industries that should consider Cyber Insurance. With that being said, we also manage Cyber Insurance policies for high risk industries such as Data Warehousing for Law Firms and Hospitals, Building Email Marketing Portals and Data Warehousing for Healthcare and Financial Institutions etc. When we provide advice on cyber risks, we focus on the big picture and worst case.
We enjoy working closely with your business partners and I.T Managers to produce the most appropriate solution for your business.
We would love to work with your business in tailoring a comprehensive solution.
A special thanks to Emergence Insurance for providing statistics and data that we could utilise for our blog to further assist with Cyber Insurance education and understanding.
This article originally appeared on Hunter Broking Group Media and has been published here with permission.
Advisr does not provide advice and does not hold a financial service license (AFSL). All information above has been provided by Josh Ryan.