Computers have become invaluable components of an organisation’s everyday processes. Everything from sales data, to inventory lists, to customer details, to the company’s finances, are stored through some form of digital or electronic means.
The problem is, if such information is lost, stolen or otherwise compromised in a data breach, the business stands to face major financial repercussions, and it may even have to deal with a lawsuit.
And so, amid rapidly increasing cyber threats, companies have had to enhance their security measures in order to combat these risks. One way to do so is through Cyber Security Insurance.
Cyber Security Insurance, also known as Cyber Risk Insurance, is a business liability insurance policy that seeks to protect the insured business against all costs, expenses and losses arising out of incidents of cyber attacks. These include data breaches, phishing attacks, malwares, DOS attacks, and SQL injections, among others.
Cyber Liability Insurance policies offer comprehensive protection against a large number of cyber threats. The covers under this policy are largely divided into two sections :
First Party Liability
This includes any loss or damage caused to the insured business due to covered cyber risks. Here, the following events and expenses are covered :
- Emergency response costs, event management costs, recovery costs, etc. incurred during a data breach, cyber attack, human error or PCI non-compliance
- E-threat, including the cost of a negotiator, and any extortion payment made
- E-vandalism, including when such vandalism is caused by an employee
- E-theft that occurs as a result of transfer of funds or property through fraudulent means
- E-communication loss that occurs as a result of a customer transferring funds or property in response to a fraudulent communication where the insured business becomes legally liable
- The insured business’s system disruption that results in business interruption losses and extra costs of working
- Privacy notification expenses, including the cost of credit monitoring or similar services for affected customers
- Crisis expenses, such as, costs of public relations consultants, IT consultants, etc.
Third Party Liability
This includes third party claims on account of any loss or damage caused to customers and other stakeholders. Here, claims arising out of the following events are covered :
- Disclosure of customers’ private information, like phone numbers, credit card details, etc. on the internet due to system security failures
- Intellectual property rights violations, trademark and copyright infringement
- Libel, slander, invasion of privacy, or defamation of other products or services
- System security failures that cause harm to third party systems
- System security failures resulting in impaired access or unavailability of such systems to customers
Some other benefits of this policy are :
- Defence costs cover - here all defence costs incurred while defending against claims brought by a government agency, or a licensing or regulatory authority can be covered
- Subsidiary cover - most insurers also extend the coverage under a Cyber Security policy to the insured business’s subsidiaries subject to certain conditions
- Automatic extension of the trigger period - cyber insurance policies come with an extension of trigger period (the time limit for discovery and reporting of a cyber crime) by up to 90 days from the expiry of the policy period
- Coverage for mitigation costs - these are costs borne by the insured in mitigating lawsuits and further losses. Cyber risk policies cover such expenses under the written consent of the insurer
Businesses can also opt for the following optional extensions :
- Business Interruption loss arising directly and exclusively from an outsourced system's disruption
- Business Interruption losses resulting from system disruption as a sole and direct result of power outage, provided such power supply is operated only by the insured business
- Revamp advice costs after a covered cyber attack
- Extra network (internet or telephone provider) costs incurred as a direct result of unauthorised access of the insured business’s systems
- Goodwill gestures
A Cyber Liability Insurance policy will not cover the following :
- Mechanical failure, gradual deterioration, electric disturbance, satellite or internet failure or any other infrastructure failure
- Public liability, i.e., bodily injury, sickness, disease, death of any person or damage to any tangible property
- The insured’s fraudulent acts or willful violation of any law or regulation
- Deliberate dishonest, fraudulent, or reckless act or omission by or within the knowledge of the insured
- The insured’s failure to implement reasonable instructions of the legal, PR, or IT response teams
- Prior Notice Exclusion - this excludes prior notice of a fact or circumstance that has been accepted by the previous insurer
- Any actual, threatened or feared act of war, terrorism or related perils
- Any actual or alleged breach of patent rights
- Contractual liabilities
- Insolvency, bankruptcy or liquidation of the insured or a service provider of outsourced systems
With a steady rise in cyber crimes that are only getting more complex and evasive, Cyber Risk Insurance is absolutely crucial for any business establishment. Such a policy is ideal for social media, internet and software companies that deal with large volumes of sensitive information such as customer phone numbers, credit card details, addresses, and bank information.