Web of deceit
If you run a business you need to protect it from a myriad of threats in this digital age, such as data breaches or malicious cyber hacks on work computer systems. Cyber insurance (also referred to as cyber risk or cyber liability insurance) is the answer, says Mark Nicholl.
Cyber Insurance, two words that will either get you running for the hills or send you straight to sleep.
Agreed, it’s definitely not in the top five dinner party topics, but if you run a business you’d be a fool to ignore it. With the arrival of the General Data Protection Regulations (GDPR), not only will your trading be impacted, a data breach could lead to a fine which is set at an eye-watering €20 million, or 4% of annual global turnover – whichever is greater.
In this article we’ve tried to break it down for you into bite-size chunks so when you come to buy or renew your policy you know what to look for.
Cyber insurance policies tend to be modular in nature which means they consist of different coverage areas. This results in confusion as to how all the aspects fit together. You can be left unsure of what you are actually covered for.
Most cyber policies can be divided into two areas of cover. These are first party and third party.
First party. The first party is about you. It covers your business’s assets should you suffer financial loss arising from a cyber event. The majority of cyber claims come from first party losses. So what is a cyber event? It’s described as any actual or suspected unauthorised system access, privacy breach, electronic attack or system downtime.
Third party covers you for claims made against you as a result of a cyber event. In the context of the insurance policy, cybercrime typically refers to attacks that involve the theft of funds from the victim as opposed to theft of data or digital assets. This tends to happen in one of three ways.
This is when hackers threaten to expose or destroy data that they have successfully compromised in order to extort money from you. The recent WannaCry attack on the NHS cost them in the region of £92m: £20m in cancelled appointments and £72m in the clean-up and upgrades to their systems.
When attackers hack into your network and gain unauthorised access to online accounting or banking platforms.
This is when attackers generally use a genuine-looking email to imitate a senior member of staff, customer or supplier in an attempt to get you to transfer money or open a malicious link.
If you are choosing an insurance policy you need to make sure it covers the full range of cyber crimes, and there are lots. They include fund transfer fraud, ransomware, and targeted extortion.
There are new emerging forms of malware now. These include ‘cryptojacking’ where your systems are used to send malicious traffic.
Some policies will require you to have agreed levels of security in place, such as call-back procedures on any requests to transfer money, so you’ll need to ensure your systems and procedures are robust enough. Investing now will save you in the long run.
One of the key things for a business is how quickly you will be up and running again after an event. At the heart of a strong cyber policy is ‘incident response’. Will it pick up the costs involved in responding to a cyber incident in real time? Does it cover IT security and specialist forensic support, legal advice, and costs associated with letting individuals know that their data has been compromised? Does it cover the costs for applications and data to be repaired, restored or recreated? Will it reimburse you for the loss of profits and increased cost of working as a result of any interruption to your business operations?
The final area to consider is lawsuits and fines. These have the ability to destroy a business.
Now, we can fill you full of facts and figures, but the reality is seen in the news most weeks and that’s just the big companies. Imagine what it can do to a smaller business if they haven’t got the right kind of cover? This part of your policy covers you for third-party claims coming from a cyber event, including the transmission of harmful malware to a third party’s system and failing to prevent an individual’s data being breached.
So, there you have it in full. Cyber Insurance deconstructed.
Six in every ten SMEs suffer a cyber attack.
Just in case you need more proof, according to a recent survey by Hiscox Insurance, the average cost of attacks has spiralled upwards.
Nearly half of small firms (with fewer than 50 employees) were attacked, up from a third in 2018. But there’s also been a surge in hacks against medium-sized businesses. Nearly two thirds of companies with fewer than 250 employees fell victim to attack, a big jump on the previous year (36%).
In real terms this means the total cost of all cyber-related incidents against a medium-sized firm has skyrocketed from an average total of £35,000 in 2018 to £145,000 this year.
If you would like some advice or simply to talk through your existing policy to ensure you are properly covered, contact J. Bennett & Son Insurance Brokers on 01494 450 450.
You can read more articles like this one in the latest edition of Thame Out.