Government figures released in April 2018 show that four in ten businesses and two in ten charities suffered a cyber breach or attack in the previous 12 months*.
We continue to see the term ‘cyber’ in business and the media but it’s a term that’s often misunderstood. Here, we explain some of the threats cybercrime poses, why you should consider purchasing a Cyber Insurance policy for your business, and which elements of cover to look at.
As we have become increasingly dependent on technology for running our businesses, managing our finances and even getting us by day-to-day, our exposure to online crime has also increased. Nowadays, it is much easier for criminals to spend their time online rather than offline—some of our most valuable assets are there. Potentially, these assets could be accessed by anyone, anywhere in the world and so your systems, finances and client data is at risk, too. So clearly, a Cyber Insurance policy that can help you protect against such risks is going to be helpful. But what covers are available and what are you actually protecting against?
Cyber is predominantly a first party exposure, with less than 5% of cyber claims by volume involving third party legal action; however, it is important to consider both, and we will look at third party covers later in this post.
First party losses can be categorised into three broad areas:
| Theft of Funds | Theft of Data | Damage to Digital |
| Theft of money from a bank account. Criminals no longer target physical banks but online accounts, and if you have been negligent in allowing this to happen, your bank will not reimburse you. | Data is extremely valuable; it’s what makes identity theft possible. Service-user information like names, addresses and dates of birth, as well as other sensitive data, can be worth a lot to criminals. | Organisations are very dependent on technology and their systems. By damaging (or threatening to damage) digital assets, criminals extort money from their victims. Even after paying a ransom, systems can be left unusable, having a severe impact on your organisation’s operations. |
With these losses in mind, we offer 5 reasons for why you should have a Cyber Insurance policy for your business.
- Cybercrime is the fastest growing crime in the world. Standard property or crime insurance policies don’t always offer comprehensive coverage for such events.
Cyber Insurance protects you against the ever-increasing and developing world of cybercrime, with criminals developing new tactics all the time, it is important your business is protected against the very latest forms of cyberattacks. - With many businesses reliant on technology to operate, business interruption is important to consider in the event of an attack. Standard business interruption insurance is unlikely to cover you under such circumstances.
What would the impact be on your business if your systems were brought down by an attack? Cyber insurance can provide cover for any loss of income and the potential extra expense associated with cybercrime. - Data is not covered by standard property policies which can leave you open to third-party claims, and you could also potentially lose what is a very valuable asset to your company.
Data is vital to most businesses today, but many business owners do not realise that their standard property policy wouldn’t react if data was damaged or destroyed. However, a cyber policy can – responding to help restore and even re-create the information damaged or lost. - Complying with breach notification laws costs time and money.
Breach notification laws are now commonplace across many territories and, among other things, require businesses that lose sensitive personal data to provide written notification to individuals that were potentially affected, in order to avoid hefty fines and/or penalties. Cyber policies can provide cover for the costs associated with providing a breach notice (even if it’s not legally required), and can also cover the associated regulatory fines and penalties. - Access to a wide range of specialist incident response services.
Responding to a cyber incident requires a range of specialists, such as IT forensics and PR agencies. SMEs are particularly at risk as they are not only increasingly targeted by criminals but are unlikely to have the range of required incident response specialists available in-house. However, a good cyber insurance policy will not only pay for these specialists but also give you access to them, which can be invaluable.
So, what are the various covers available to you and your business to help protect against cybercrime?
Typical “first party” cyber covers include:
- Incident Response – the costs involved with responding to an attack in real time (e.g. cost of IT Security & Forensic specialist support, legal advice, notifying individuals that their data has been stolen etc.).
- Cyber Extortion – this covers the costs incurred in responding to criminals trying to extort money out of the organisation by threatening to carry out a cyberattack or by threatening to use/hold as ransom data they have already obtained.
- System Damage – covers the costs involved in repairing and restoring data and applications when a system has been damaged due to a cyberattack.
- System Business Interruption – this reimburses any loss of profits and increased costs of working due to interruption to the business operations, caused by a cyber event.
And not forgetting the third party claims that could be made, here we offer information on the typical “third party (liability)” cyber covers available:
- Network Security & Privacy Liability – this provides cover for third party claims arising out of a cyber event, whether this is transmission of harmful malware or failing to prevent an individual’s data being breached.
- Regulatory Fines – the cost of certain fines and penalties that a regulatory body might enforce on an organisation due to suffering a data breach.
- Media Liability – third party claims arising out of defamation or infringement of intellectual property rights.
It is important that if you are considering purchasing a cyber insurance policy, you know which elements of cover are included. Some traditional policies may claim to include some element of cyber cover but exclude a number of the key covers discussed here, which could become a serious issue should your business suffer from a cyber-attack.
For more information on the cyber insurance covers available through McClarrons, contact your Account Executive directly or, call 01653 697055 or email enquiries@networkportfolio.co.uk/mcclarroninsurance.com, to speak to our Commercial Team.
* https://www.gov.uk/government/news/new-figures-show-large-numbers-of-businesses-and-charities-suffer-at-least-one-cyber-attack-in-the-past-year
