The term ‘cyber’ is seen a lot in business and the media but it’s probably one of the most misunderstood topics.
With the technology revolution came a new opportunity for criminals to carry their work out digitally. Some of our most valuable assets are now accessible by anyone, anywhere in the world. As such, your systems, finances and services, many of which contain sensitive client data, is potentially at risk.
Ultimately, cyberattacks are modern crimes and cyber insurance is the way to protect against them – covering the loss, theft or destruction of a company’s digital assets.
Truly, cyber is predominantly a first party exposure with less than 5% of cyber claims by volume involving third party legal action but it is important to consider both.
First party losses can be categorised into three broad areas:
| Theft of Funds | Theft of Data | Damage to Digital |
| Theft of money from a bank account. Criminals no longer target physical banks but online accounts, and if you have been negligent in allowing this to happen, your bank will not reimburse you. | Data is extremely valuable; identity theft is only possible with data. Service-user information like names, addresses and dates of birth, as well as other sensitive data, can be worth a lot more than you might think. | Organisations are very dependent on technology and their systems. By damaging (or threatening to damage) organisations’ digital assets, criminals look to extort money from their victims. Even after paying a ransom, systems can be left unusable, having a severe impact on your organisation’s operations. |
Cyberattacks can signal a direct financial loss to your business, but this can be
transferred to a cyber insurance policy. So, what cover is actually available?
Typical “first party” cyber covers include:
- Incident Response – the costs involved with responding to an attack in real time (e.g. cost of IT Security & Forensic specialist support, legal advice, notifying individuals that their data has been stolen etc.). Not only will a cyber policy pay for such specialists but it will provide access to the right specialists.
- Cyber Extortion – this covers the costs incurred in responding to criminals trying to extort money out of the organisation by threatening to carry out a cyberattack or by threatening to use/hold as ransom data they have already obtained.
- System Damage – covers the costs involved in repairing and restoring data and applications when a system has been damaged due to a cyberattack.
- System Business Interruption – this reimburses any loss of profits and increased costs of working due to interruption to the business operations which was caused by a cyber event.
Typical “third party (liability)” cyber covers include:
- Network Security & Privacy Liability – this provides cover for third party claims arising out of a cyber event, whether this is transmission of harmful malware or failing to prevent an individual’s data being breached.
- Regulatory Fines – the cost of certain fines and penalties that a regulatory body might enforce on an organisation due to suffering a data breach.
- Media Liability – third party claims arising out of defamation or infringement of intellectual property rights.
It is important that if you are considering purchasing a cyber insurance policy, you know which elements of cover are included within it. Some traditional policies may claim to include some element of cyber cover but exclude a number of the key covers mentioned above; this could become a serious issue for your charity or care organisation if you believe you are covered.
If you would like to know more about the cyber insurance policies available, contact our dedicated care team on 01653 697055 or email care@networkportfolio.co.uk/mcclarroninsurance.com.
