Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ornare risus adipiscing nunc fringilla pellentesque. Eget vulputate sed arcu malesuada vitae ut id. Ac, at nibh tellus vitae. Sit aliquet turpis egess duis lacus. Vitae.
Information is one of modern business most important assets. In an ever evolving virtual world, your information is increasingly vulnerable to cyber attack.
Whether conducted by criminal or activist hackers, disgruntled employees, or even nation states, a cyberattack is likely to occur, and may create a financial impact, irrespective of whether your are a small or large company.
To manage risk and build resilience, cyber attack risk is managed via a range of processes and technology.
An important part of the risk management process, is the transferring of risk to insurance, to assist in funding your response, investigation, mandatory reporting requirements, maintaining your reputation repairing damaged network assets, and to meet your liabilities – either direct, or those assumed under an agreement.
Following is an overview of what is cyber insurance and what are the key elements of coverage.
Source: FORCEPOINT 2016 Global Threat Report
Cyber insurance, also known as cyber & privacy liability insurance or data breach insurance, reduces risk by funding costs involved with a cyber attack or denial of service attack. Cyber insurance is increasingly being purchased by companies of all sizes, with the total premiums forecasted to reach USD$7.5 billion by 2020. PwC report that about one-third of U.S. companies currently purchase a form of cyber insurance.
So companies are increasingly looking to purchase cyber insurance, but what does it cover? Cyber insurance typically covers a range of a companies own expenses incurred to respond to the cyber attack, as well as claims by third parties – alleging either financial loss, or even personal injury.
This is a fast evolving space, so at this point in time, the following costs can be covered.
We hold the information we collect from you in our computer system and in our hard copy files. We ensure that your information is safe by following the usual security procedures expected by our clients.
Specialist investigation to identify what occurred, where in your network was infiltrated, how to repair damaged network assets, manage your reputation and importantly, and how to prevent further breaches. Investigations typically involve expert IT security contractors, as well as working with law enforcement (either federal or state).
A cyber insurance policy can cover your liabilities arising out of a cyber attack, as well as your loss due to network downtime, business interruption, data loss recovery and costs of managing a crisis and your reputation.
This provides coverage for the costs of data breach notifications to customers and other affected parties, where mandatory reporting laws require you to advise of the data breach. Anecdotal evidence suggests the costs per record can be between as high as USD200 per record breached. Such mandatory reporting laws exist in the US and, EU, and are soon to be implemented in Australia.
Coverage for legal expenses associated with the of breach confidential information, personal health information (e.g. HIPPA data) and intellectual property, legal settlements and civil insurable regulatory penalties. This may also include the costs of cyber extortion, such as ransomware, where you may be held to ransom, to gain access to your networks, or threatened by a release of data (e.g. personal information or personal health information).
Loss: $170K
An employee at a retail store ignored internal policies and procedures and opened a seemingly innocuous file attached to an email. The next day the store’s stock order and cash registers started to malfunction and business trade was impaired as a result of the network failing.
The store incurred over $100,000 in forensic investigation and restoration services. They also had additional increased working costs of $20,000 and business income loss estimated at $50,000 from the impaired operations.
Loss: $325K
A company executive’s laptop was stolen from a vehicle.
The laptop contained significant private customer and employee information. Although the file was encrypted, the overall password protection on the laptop was weak and the PIN for
accessing the encrypted information was compromised.
After assessing the nature of the information on the laptop with a forensic expert and outside compliance counsel at a cost of $50,000, the company voluntarily notified relevant customers and employees and afforded call centre, monitoring, and restoration services, as appropriate.
While additional first-party cost was $100,000, the company also incurred $75,000 in expenses responding to a multi-state regulatory investigation.
Ultimately, the company was fined $100,000 for deviating from its publicly stated privacy policy.