Cyber Liability and Data Protection
Every business in today’s business environment is connected to the internet in one way or another. This connection allows us to conduct business with various software programs, communicate with customers, vendors, and financial institutions, and store sensitive information in the cloud. This connection is a blessing and a curse.
The risk of cyber liability and data protection has never been greater. Business owners know this all too well by the daily reports of various organizations being hacked by sophisticated criminals who lurk in the background working to steal sensitive information.
It’s not about who, it’s about when. Knowing a data breach is likely, your next move should be to transfer the risk to an insurance company with a cyber insurance policy.
A comprehensive cyber liability and data protection policy will provide the financial cover you need to deal with a data breach that results in the loss of sensitive information. There are also cyber attacks that can hold your data hostage until you pay a significant ransom known as Ransomware. This is a virus that affects your computer and encrypts the information on your hard drive. Your only recourse is to pay the ransom to get the key to unencrypt the information.
What Is Covered In Your Cyber Insurance Policy?
Claims from a third party – this cover provides financial protection for your liability to a third party if you are found liable for failing to keep sensitive data secure. This cover is available to pay for third party compensation, investigative costs, defence costs and fines or penalties by the authorities where you operate.
First Party Cover – This cover will reimburse your business for the costs of responding to a direct breach. These costs are a result of forensic requirements, public relations costs to repair your reputation, and reimbursement for ransom payments to hackers.
Business interruption – Most hack attacks result in business interruption. Your business losses that result from a data breach, as well as any additional expenses, are reimbursed by the insurer so you can return to business as usual following an attack.
- PR & Crisis Management
- Legal & Forensic Services
- Customer Call Center & Notification Services
- Loss Prevention Solutions - credit & identity monitoring, etc.
First Party Coverage
- Business Interruption
- Cyber Extortion
- Data Recovery
- Data & Network Liability
Third Party Coverage
- 3rd Party Information & Privacy Coverage
- Regulatory Defense & Penalties
- Media & Payment Card Liability
If you are in business, and you are connected to the internet at any time, your business is at risk It is not about if you are attacked, it is about when you are attacked. Hackers do not discriminate and no business is immune. You should consider transferring this risk with a cyber insurance policy to protect your business if the worst thing happens.
What Does Cyber Insurance Not Cover?
Most policies have important exclusions that can have a material impact on your coverages. Some common examples include:
- Security Standards Exclusion - You may be denied coverage for a breach if you fail to maintain security standards common in your industry
- Bodily Injury & Property Damage
- War, Terrorism, Invasion, Insurrection
- Prior Breaches - There is no coverage for breaches that occurred prior to this policy coming into force
- Laptops - You may not have coverage for claims based upon an employee losing an unencrypted laptop
You should always review your coverage and exclusions with your broker. If there are exclusions that you want coverage for, get in touch and we can make sure you have the right coverage for your business needs and budget.
How expensive are cyber security incidents and data breaches?
The world of cyber security is ever-changing. These days, the most common threats to business come in the form of phishing attacks to gain access to credentials and ransomware attacks that lock up your data files and hold them ransom for a fee.
When it comes to things like cyber attacks and data breaches, it’s not a matter of if, but when. Here are some statistics to give you an idea of the scale of the issue:
- Deloitte estimates that a low end cyber attack can be launched for just US$34/month and return up to US$25,000. A more sophisticated attack will cost a few thousand but return as much as US$1,000,000 per month.
- According to research by Accenture, the total cost of cyber crime to each company rose to a staggering US$13 million.
With this type of risk-return characteristics and the technology proliferating and becoming more accessible to even technologically unsophisticated actors, this cost is only going to go up in future.
Cyber Claims Examples
Businesses small and large are under constant attack from cyber criminals looking for a payday to nation-state-level hackers looking for confidential information and IP. To help you determine the limits required for your type of business, here are claims examples from other businesses that may be similar to yours:
Example 1 : Eye Surgery Clinic (2 locations, 15 staff, $60M in turnover)
An employee opened an email attachment containing a ransomware virus which encrypted the clinic’s network. The cyber criminals demanded US$30,000 in Bitcoin to restore the encrypted files. They were able to continue their operations using paper files but this significantly slowed things down. They were also unable to invoice clients. Luckily, forensic investigators were able to recover the majority of their systems and restore the data.
US$450,000 in IT expenses, First Party damage and lost productivity.
Example 2 : Accountant (20 staff, $17.5M turnover)
A former IT contractor allegedly logged into the systems remotely without authorization and deleted files on the Insured’s server. Then they downloaded spyware and other viruses onto the server. When interviewed by policy, the individual said his computers were all stolen prior to the hack.
$40,000 in costs incurred while restoring and repairing the damaged server.
Example 3 : Online Clothing Store (5 staff, $10M turnover)
On 2 occasions, the Insured’s computer systems were affected by a CryptoLocker virus which prevented them from operating as usual.
$70,000 in IT expenses to restore the Insured’s systems
While having firewalls, antivirus software and other technologies in place are key pieces of the cybersecurity puzzle, staff must be trained as well. More and more cyber criminals are exploiting the naivety of employees to penetrate critical computer systems.
Social engineering is the use of deception by hackers to manipulate individuals into divulging confidential information that may be used for fraudulent purposes.
A classic example of social engineering is a “phishing” attack. In a phishing attack, a person receives an authentic-looking email that could be from their boss or the company CEO. The aim of this email is to trick the recipient into disclosing sensitive information or carrying out tasks like sending money to a particular account. These emails can contain malicious links or attachments and will look like they came from a legitimate sender such as a colleague, vendor, manager, or supplier.
In one example, a hacker impersonated a client of the Insured using an identical email address asking the Insured to send future payments to a new bank account. When the payment was due, the Insured paid HKD$205,000 into the wrong account.
As a result, the Insured’s cyber insurance policy paid HKD$205,000 in indemnity for the direct financial loss suffered by the Insured.
The cyber security battle is fought in cyberspace but the effects are felt in real life by businesses and their clients. No matter what level of cybersecurity you put into place, history shows us that it’s only a matter of time before you suffer a costly breach.
When that happens, a proper cyber insurance policy will step in to protect you and your clients from cybercriminals. Contact a licensed Trusted Union cyber risk specialist to get a free cyber insurance quote.
CYBER INSURANCE FAQ
Cyber insurance works like any regular insurance policy. When you have a cyber breach, you would contact your insurer or insurance broker to start the claims process. Depending on your liability policy, the insurer would pay for: breach response, first party damage to your computer systems, and 3rd party damage to customers, clients, etc.
Technical solutions to the problem are important but the statistics are clear - every business will suffer a hacking attack at some point. And with the high cost of each attack (outlined above), many businesses would suffer an irreversible financial loss without insurance indemnity.
- Security systems in place (ie. firewalls, anti-virus, employee training, etc.)
- Type of business - some business like financial institutions are more at risk of being attacked than others
- Mature and amount of information collected - this figure is important because many lawsuits award damages on a per-record basis. For example, you may be ordered to pay damages equal to US$5 per client record exposed
- Limits chosen
A small family-run cafe might not need cyber insurance but if your business relies on computer systems to operate efficiently, cyber insurance is definitely worth the cost. This is doubly true if you handle sensitive client information.
One of the most important benefits to cyber insurance is that it covers your responsibility to 3rd parties if their data is leaked on your watch. To understand what limit you require, you should review past court awards and damages paid by businesses of similar size and industry. Your insurance broker is also a great resource. We work on these types of policies all the time and we can guide you on what’s reasonable based on your business needs and budget.
At Trusted Union, we work with over 40 multinational insurers to place all sorts of risks - including cyber insurance. When you work with us, we’ll first go through a discovery process to help us understand your business. From there, the hard work begins. We reach out to our key relationships to see who has the appetite to underwrite your risk. We negotiate with as many insurers as we can to get you the quotes that best fit your business needs and budget.
From there, we schedule another call to review these options and give you the advice you need to choose the best risk management solution for your business.
Get your free quote today
Receive a free consultation for a cyber insurance quote.
You will then be contacted by an independent insurance broker who will then discuss further your specific requirements.