Internet based technology, social media and transactions are the engine of modern business. Being internet based, these transactions are open to cyberattacks.
Whether conducted by criminal or activist hackers, disgruntled employees, or even nation states, a cyberattack is likely to occur, and may create a financial impact, irrespective of whether your are a small or large company.
To manage risk and build resilience, cyber attack risk is managed via a range of processes and technology.
An important part of the risk management process, is the transferring of risk to insurance, to assist in funding your response, investigation, mandatory reporting requirements, maintaining your reputation repairing damaged network assets, and to meet your liabilities – either direct, or those assumed under an agreement.
Following is an overview of what is cyber insurance and what are the key elements of coverage.
A cyber insurance policy, also known as cyber liability insurance or data breach insurance, reduces risk by funding costs involved with cyber attack or denial of service attack
Some Key Facts
Source Symantec ISTR20 2015
- Spear phishing attacks increased 26% to 30% against SME’s
- 317 million new pieces of malware were created
- 1 in 9 legitimate websites have a critical vulnerability
- Ransomware attacks grow 113% with 45 times more crypto attacks
- 1 in 965 emails contain a phishing attack
- 17% of Andriod Apps malware in disguise
- 23% increase in breaches.
- Internet of Things continues to be attacked
- Compromised for 295 days but 59 days to patch
- Time to compromise time v time to discovery keeps growing
Top Counties That Host Malware
Source: FORCEPOINT 2016 Global Threat Report
- United Kingdom
What Is Cyber Insurance
Cyber insurance, also known as cyber & privacy liability insurance or data breach insurance, reduces risk by funding costs involved with a cyber attack or denial of service attack. Cyber insurance is increasingly being purchased by companies of all sizes, with the total premiums forecasted to reach USD$7.5 billion by 2020. PwC report that about one-third of U.S. companies currently purchase a form of cyber insurance.
So companies are increasingly looking to purchase cyber insurance, but what does it cover? Cyber insurance typically covers a range of a companies own expenses incurred to respond to the cyber attack, as well as claims by third parties – alleging either financial loss, or even personal injury.
This is a fast evolving space, so at this point in time, the following costs can be covered.
Best Practice Components of Cyber Insurance
Does your insurer offer one or more types of cyber insurance policies or is the coverage simply an extension to an existing policy? In most cases, a specialist policy provides more certainty. Also find out if the policy is customisable to your needs.
A robust policy will typically cover:
- Privacy Liability Cover to deal with claims about potential or unauthorised access to third-party private information Natural Person(s) and Entity
- Reputation Liability Cover to deal with negative online coverage, defamation or privacy-related issues
- Content Liability Includes online intellectual property cover (i.e. copyright, trademarks)
- Privacy Regulatory Actions Cover fines and penalties imposed by Governments and Regulatory bodies
- Conduit Liability Includes if the client’s system was used as a route into third-party network or system
- Impaired Access Liability cover for losses incurred by a third-party due to being unable to access the client’s systems
- Risk Management – The broker or insurer provides access to a ranges of services to build resilience when an attack occurs