The technology revolution has created unprecedented developments in the way that business is transacted, how information is obtained, how we communicate with each other and how data is sourced and stored.
The reality of these developments has also led to unparalleled increases in the ability of criminals to act in a digital environment rather than in the physical world, and cyber crime has never been more financially rewarding.
Cyber risk and cyber exposure exist for every business that uses technology and connects to any form of information systems and networks. Size of business, industry factors and reliance on technology for critical operations can increase cyber risk vulnerability, but no business is immune. Managers are faced with the challenge of protecting against cyber risk and implementing strategies and procedures to safeguard against the potential loss and damage suffered in a cyber event.
Cyber risk management is a holistic approach to evaluating and measuring the potential impact of cyber threats and strategically establishing a set of actions, policies and tools to combat and manage these so as to minimise the potential business impact.
In creating a risk management profile, an organisation can choose to take steps to minimise the risk, can seek to transfer the risk or can accept the risk and prepare to deal with it.
The most effective way to transfer cyber risk is by purchasing a specific stand-alone cyber insurance policy.
Cyber insurance is necessary because other traditional insurance policies are not designed to respond to the new technology threats. The benefit of cyber insurance is that it provides specific support in covering expenses incurred due to a cyber event and also assists in guiding incident response and ongoing risk mitigation practices.
Most cyber policies provide two types of basic cover – first party cover for the insured’s own financial loss arising from the cyber event and third party liability cover for any liability the insured has to others arising out of the cyber event. The vast majority of cyber claims will fall within the first party cover section of the policy – but it is important to ensure you are covered for both.
Unlike other traditional policies, cyber insurance policies are often segmented and consist of a number of different kinds of coverage areas.
Typical first party insuring coverages usually include:
- Incident Response: This would generally cover the expenses incurred in responding to the incident such as hiring an Incident Response Manager, an IT forensic specialist or getting legal advice in relation to data breaches or regulatory requirements.
- Cyber Extortion: This will cover money paid to a cyber criminal trying to extort money from the insured by threatening to expose or destroy data after having infiltrated the insured’s information systems.
- System Damage and Data and System Recovery: The cost of repairing systems, data and applications which have been damaged due to a cyber event.
- Business Interruption: This coverage will reimburse the business for the loss of profits or the increased cost of working due to the cyber event and the interruption to normal business operations.
Third party coverage can include:
- Privacy and Network Security Liability: This would cover loss caused to a third party by the transmission of malware to a third party’s information systems or when the data of another is breached.
- Media Liability: Covers third party claims for defamation or breach of intellectual property rights and other improper online media activity.
- Regulatory Fines: This would cover penalties or fines imposed by a Regulator due to a data breach.
A series of additional coverages can also be purchased for extra premium. Some of these might be: coverage for betterment costs to IT systems, cover for telecom fraud, reward expenses coverage and extended incident response coverage.
Every insurer offers different coverages and extensions in their cyber insurance policies and it is important to review the terms and conditions and ensure your business has the specific cover it needs.
Cyber attacks can result in devastating damage. Cyber insurance is a great first step in helping manage cyber exposure and transferring some of that cyber risk to others.
As founder and CEO of Cybersafe Legal, Gillian Collins relies on her extensive experience working in the corporate sector utilising both her legal and insurance skills.
In recent years Gillian has developed a deep and enduring interest and curiosity for cyber risk, cyber insurance and information security. She has studied cybersecurity through the Kennedy Business School at Harvard University and now offers recognised expertise in cyber awareness programs, cyber insurance, cybersecurity risk mitigation and incident response and corporate governance.