What Is Cyber Insurance?

Internet based technology, social media and transactions are the engine of modern business. Being internet based, these transactions are open to cyberattacks.

Whether conducted by criminal or activist hackers, disgruntled employees, or even nation states, a cyberattack is likely to occur, and may create a financial impact, irrespective of whether your are a small or large company.

To manage risk and build resilience, cyber attack risk is managed via a range of processes and technology.

An important part of the risk management process, is the transferring of risk to insurance, to assist in funding your response, investigation, mandatory reporting requirements, maintaining your reputation repairing damaged network assets, and to meet your liabilities – either direct, or those assumed under an agreement.

Following is an overview of what is cyber insurance and what are the key elements of coverage.

A cyber insurance policy, also known as cyber liability insurance or data breach insurance, reduces risk by funding costs involved with cyber attack or denial of service attack

Some Key Facts

Source Symantec ISTR20 2015

  • Spear phishing attacks increased 26% to 30% against SME’s
  • 317 million new pieces of malware were created
  • 1 in 9 legitimate websites have a critical vulnerability
  • Ransomware attacks grow 113% with 45 times more crypto attacks
  • 1 in 965 emails contain a phishing attack
  • 17% of Andriod Apps malware in disguise
  • 23% increase in breaches.
  • Internet of Things continues to be attacked
  • Compromised for 295 days but 59 days to patch
  • Time to compromise time v time to discovery keeps growing

Top Counties That Host Malware

Source: FORCEPOINT 2016 Global Threat Report

  • USA
  • Italy
  • Russia
  • Turkey
  • Ireland
  • United Kingdom
  • France
  • Netherlands

What Is Cyber Insurance

Cyber insurance, also known as cyber & privacy liability insurance or data breach insurance, reduces risk by funding costs involved with a cyber attack or denial of service attack. Cyber insurance is increasingly being purchased by companies of all sizes, with the total premiums forecasted to reach USD$7.5 billion by 2020.  PwC report that about one-third of U.S. companies currently purchase a form of cyber insurance.

So companies are increasingly looking to purchase cyber insurance, but what does it cover? Cyber insurance typically covers a range of a companies own expenses incurred to respond to the cyber attack, as well as claims by third parties – alleging either financial loss, or even personal injury.

This is a fast evolving space, so at this point in time, the following costs can be covered.

Investigation

Specialist investigation to identify what occurred, where in your network was infiltrated, how to repair damaged network assets, manage your reputation and importantly, and how to prevent further breaches. Investigations typically involve expert IT security contractors, as well as working with law enforcement (either federal or state).

Company Loss

A cyber insurance policy can cover your liabilities arising out of a cyber attack, as well as your loss due to network downtime, business interruption, data loss recovery and costs  of managing a crisis and your reputation.

Privacy & Manadtory Reporting

This provides coverage for the costs of data breach notifications to customers and other affected parties, where mandatory reporting laws require you to advise of the data breach. Anecdotal evidence suggests the costs per record can be between as high as USD200 per record breached.

Such mandatory reporting laws exist in the US and, EU, and are soon to be implemented in Australia.

Litigation & Cyber Ransom

Coverage for legal expenses associated with the of breach confidential information, personal health information (e.g. HIPPA data) and intellectual property, legal settlements and civil insurable regulatory penalties. This may also include the costs of cyber extortion, such as ransomware, where you may be held to ransom, to gain access to your networks, or threatened by a release of data (e.g. personal information or personal health information).

Best Practice Components of Cyber Insurance

Does your insurer offer one or more types of cyber insurance policies or is the coverage simply an extension to an existing policy? In most cases, a specialist policy provides more certainty. Also find out if the policy is customisable to your needs.

A robust policy will typically cover:

  • Privacy Liability Cover to deal with claims about potential or unauthorised access to third-party private information Natural Person(s) and Entity
  • Reputation Liability Cover to deal with negative online coverage, defamation or privacy-related issues
  • Content Liability Includes online intellectual property cover (i.e. copyright, trademarks)
  • Privacy Regulatory Actions Cover fines and penalties imposed by Governments and Regulatory bodies
  • Conduit Liability Includes if the client’s system was used as a route into third-party network or system
  • Impaired Access Liability cover for losses incurred by a third-party due to being unable to access the client’s systems
  • Risk Management – The broker or insurer provides access to a ranges of services to build resilience when an attack occurs

How much Cyber Insurance should I purchase?

The 2016 TechAssure Cyber Benchmarking Report offers companies insight into the cyber insurance purchase trends of their peers
Click for more
image

Cyber Risk Management

When a breach event occurs, time is of the essence. Help manage cyber risk with eRisk Hub.

More

Want to know more?

To find out how we can help reduce your cyber risk, click below.

Contact Us