Cyber liability insurance (sometimes called cyber security insurance or cyber risk insurance) helps your business pay for costs to recover from a cyber security breach. Some examples of expenses covered include: investigation costs, business interruption, lawsuits and ransomware payments.

Technology and the internet in particular is a crucial part of how organizations reach customers and do business these days. While these technologies have greatly benefited businesses around the world, this same infrastructure can be exploited by nefarious parties to do damage. Lone hackers, organized cyber crime rings, and even nation states are using this technology to target organizations large and small for cyberattacks.

Hackers and cyber criminals around the world are getting more sophisticated at circumventing business’ security measures and gaining access to sensitive systems and data. With recent high profile hacks on the likes of Equifax, Marriott International Hotels, and even Facebook in 2019, nobody is completely protected. If these companies, who spend millions each year on cyber security, can be hacked, then so can you.

Managing Cyber Risk

As licensed insurance brokers, one of our value-adds is to act as risk managers for our clients. As a business owner or CIO (Chief Information Officer), you have you make decisions on how to manage cyber risks. Risk management methods generally fall into 4 categories (CART):

• Control: involves reducing or eliminating the risk - examples include purchasing firewalls and setting up various cybersecurity systems.
• Avoid: this means to avoid the risk altogether - examples include not storing customer data on your own systems or using a 3rd party like Stripe or Paypal to process payments.
• Retain: this means to pay for losses yourself - for most businesses, this is not a practical way to deal with large risks like cyber attacks.
• Transfer: this means to transfer the financial burden of the risk to someone else - a common example would be the purchase of cyber security insurance.

While a good cyber risk management plan involves all 4 risk management techniques discussed above, more and more businesses are recognizing the benefits of cyber liability insurance as a way to offset the costs of recovering after a cyber-related security breach. Although there are no good statistics for cyber liability insurance in Hong Kong, about 1 in 3 US companies currently have some type of cyber insurance with total premiums forecasted to reach $7.5 billion by 2020.

These numbers indicate a strong need for cyber security insurance amongst businesses of all sizes.

What Is Cyber Liability Insurance

While cyber risk insurance can’t stop you from being hacked, it can help you mitigate some of the financial and reputational consequences of a breach. Cyber liability insurance coverages are typically broken down into first party and 3rd party coverages. Some examples of expenses covered by a typical cyber liability insurance policy includes:

Investigation Costs

After a breach occurs, a detailed forensic investigation must be conducted to determine the cause of the breach and fix it to prevent the same type of breach in the future. These investigations can involve engaging specialized cybersecurity firms and law enforcement.

Notification Costs

If a breach involved the leaking of sensitive customer data, many jurisdictions require businesses inform those customers and set up free credit monitoring for them (see the Equifax hack in 2017). Depending on how many customers you have, this can represent a significant cost that a proper cyber risk insurance policy could help you mitigate.

Business Interruption

When a cyber attack affects your systems, there could be significant costs associated with network downtime,data recovery,crisis management and reputational damage. A comprehensive cyber insurance policy would help you mitigate these potentially significant costs.

Some examples of disruptive events include: denial of service attacks (DDoS) and ransomware attacks.

Lawsuits and Fines

Many jurisdictions will now impose fines for businesses that fail to protect confidential data. In addition, you could face legal liability from clients and other 3rd parties if their confidential information or intellectual property was leaked from your systems. Much like other liability policies, cyber liability insurance would step in to defend you and pay damages if necessary.

Extortion and Ransomware

Ransomware is becoming a very popular extortion tool used by cyber criminals all over the world. Ransomware is a type of malware that encrypts all your files and forces you to pay a fee (usually in the form of Bitcoin or some other cryptocurrency) to get the “key” or password to decode your files and get them back. Many cyber insurance companies offer policies that cover these ransom payments.

Cyber Liability Insurance Costs

Many of the most well-known insurance companies offer cyber insurance. But like most business insurance policies, prices and coverages offered can vary significantly so it pays to speak with a licensed cyber insurance professional before making a decision.

Cyber liability insurance costs vary based on many factors but here are some important ones:

• Claims/Loss History
• Level of Protection: they will want to assess your processes, employee training, protection systems, etc. to measure your vulnerability to cyber threats. The better your risk management plan, the cheaper your cyber insurance premiums will be.
• Deductible: a larger deductible means a smaller premium

To learn more about cyber liability insurance, get in touch with a technology risk specialist at Trusted Union. We work with many of the top cyber insurance companies in Hong Kong to ensure we can find coverage for any business or budget.