“Highly recommend John Phillips. We’ve recently had to claim on our insurance due to the loss of our websites and the whole process has been SO efficient. Every company should have cyber insurance”
Sections of Cover
Cyber insurers may use different terminology but in general the covers can be separated into several broad categories. What is interesting about cyber insurance versus other types of policy is the scope they have to deal with problems creatively engaging a number of different professionals in order to reach a cost effective and expeditious conclusion.
Each section of cover encompasses a number of different eventualities and can involve several different types of professional. There is some overlap but this is a strength as the insurer acts as a hub to ensure the response is seamless, timely and co-ordinated.
This section of cover will generally pick up all of the costs involved in responding to a cyber incident in real time, including IT security and forensic specialist support, gaining legal advice in relation to breaches of data security. One of the most important aspects of a cyber policy is that it provides access to the right specialists when time is of the essence as well as paying for their services. This can be the greatest proportion of the claims costs.
This section covers costs incurred in responding to fraudsters attempting to extort money out of an insured by either threatening to carry out a cyber attack or by threatening to expose or destroy data after having already compromised the victim’s network. Ransomware, where the victim’s data is encrypted (converted into an unreadable format) and only made accessible again by the payment of a ransom demand to the attacker, is one of the fastest growing forms of cybercrime. This method is still going strong with a rise in 2019 of 77% over the second half of 2018.
This covers losses suffered in direct response to a social engineering communication. This can include via email or on the telephone. It is also possible for some policies to cover your losses and sometimes even your client’s losses if they suffer losses due to being contacted by someone fraudulently purporting to be from your organization.
This section covers the costs for an insured’s data and applications to be repaired and restored in the event that their computer systems are damaged as a result of a cyber event such as malware. This is often critical in getting a company back up and running.
This covers any third party claims arising out of defamation or infringement of intellectual property rights. Media cover started out in cyber policies to offer protection in respect of online content only, but as policies have broadened over the years, it’s not uncommon for full media cover to be provided.
This covers the cost of certain fines and penalties that a regulatory body might enforce on an organisation as a result of them having suffered a data breach in so far as these are legal.
This cover will deal with any costs incurred should an individual or organisation take legal action against you over any alleged negligence in relation to your cyber activities. This is particularly important as there are likely to be many claims for compensation for distress following data breaches in the coming years whilst the parameters of this sort of claim are defined.
This cover aims to reimburse loss of profits and increased costs of working as a result of interruption to a business’s operations caused by a cyber event. It works in a very similar way to traditional business interruption insurance except the trigger is a cyber incident opposed to a physical one. While third party liability claims tend to be less common in cyber insurance, it is still important to have cover for them under this section. This can help you to maintain good relationships and become a provider trusted for your robustness.
Multiple coverage options for loss of income and expenses to restore operations as a result of an interruption to the computer system of a third party that the you rely on to run their business.
This covers third party claims arising out of a cyber event such as transmission of malware onto a third party’s system. Trojans such as Emotet can use your contacts list to send itself to your clients. Since these emails are coming from your hijacked email account the recipients are more likely to click bad URLs and download files infecting their own systems and becoming a vector to spread the malware themselves.
This section covers failure to prevent an individual’s data being breached. Cyber criminals are able to then sell this information on the dark web. With every breached database, more and more credentials, credit card details, passport information etc. appear for sale.
Cover for costs to draft, send and administer notification communications to those whose data has been stolen, misplaced or compromised. The average cost of a stolen or lost record is $148, Credit monitoring is often also included to ensure those affected are not subject to any fraudulent activity.
This is something that is not necessarily considered in the first instance however bad publicity can have a devastating effect on a brand as in the case of the Talk Talk breach where Dido Harding personally faced strong criticism for her response.
Consumers are becoming more aware than ever of the value of their personal data and how this can be exploited so it is not surprising that 47% of customers would consider no longer using a business due to breach. And research from the Hiscox Cyber Readiness Report 2020 has shown one in eight (13%) businesses have experienced a reduction in business performance indicators such as their share price in 2020 (up from 5% the previous year). So it is easy to see how this seemingly small facet of cover can make a massive difference in saving your brand and your business.
Some insurers provide cover for betterment costs to your system following a cyber incident to reduce the risk of a repeat occurrence.
It is important to note that cyber insurance can help you protect your intellectual property which is crucial to your business but most cyber insurances will not cover losses resulting from the theft of this.