Cyber risk is here now - do not let someone ruin your business through malicious intent or by accident.
We used to deliver our letters by horse in the 1800’s. Then, as time passed, more by train, by car, and by plane. Way back in the early 1990’s you may have sent and received less than 10 letters in day, plus the odd fax here and there. Now, you could be sending and receiving a huge number of messages at work via predominantly emails (pick a number - 50, 100 or ?) in a day.
This increase in the volume of communication is incredible. The world has changed, and with it, the IT revolution is now in full cycle. This is good, but what risks are entailed with all this communication and digital data held by you. ‘Business information’ is close to the most important asset of a business i.e. how you do, what you do, your client information, your supplier information are all parts of this information. An accompanying factor to this, is how do you keep this. For nearly all businesses, this information is kept “as data within a computer”.
To reduce the risk on holding this date, appropriate IT Data Security and proper back-ups are important. However, an employee receiving an email which appears to be from their bank, or clicking on an advertisement on websites of Disney, Facebook or newspaper site(1) whilst at work on your server can decimate the precautions put in place, and allow ‘malware’ into your system with ramifications.
The resultant exposures of losing control on your data, can include:
If you are in business you need to be in business – not out of business, paying ransoms, using up your management time, and paying IT consultants on a reactive (not proactive) basis.
We have had normal clients affected by this issue. This ABC 7.30 Report video (2) [Link: http://www.abc.net.au/7.30/content/2012/s3597812.htm on the words ABC 7.30 Report video] makes for enlightening viewing . During the video, CERT Australia (government body assisting on cyber security issues) makes an important statement about what is happening in Australia:
“What we have seen over the last year is an increase in the number of incidents – about 5,000 in the last year alone, which is about 130 a week.”
Cyber Insurance is definitely a newer form of insurance, but it is one, that businesses in 2016 need to be aware of.
If you can control computer crime and computer attacks by third parties, and administrative, operational mistakes or malicious actions by employees and third party providers, there is no real need for you to have this insurance. If not, then read on.
Cyber risk comes in the following forms:
Our preference is to simple call this Cyber insurance, because the exposures from Cyber encompass First Party, Third Party, and Loss of Income exposures and the risk itself should be looked at in it’s totality.
As a wise man once said:
“A computer lets you make more mistakes faster than any invention in human
history- with the possible exception of handguns and tequila.”
Cyber insurance protects you first and foremost in two major areas.
Loss or damage to digital assets and the resultant costs incurred in restoring, updating, recreating or replacing lost or damaged data.
Business interruption and extra expense covering lost income, investigation and mitigation expenses caused by network interruption, degradation or failure (see below for more info).
Other major benefits are covering your costs of extortion monies following a direct extortion demand including threats to your network, digital assets or integrity of your customer data.
Representational cover (PR firms do cost) following a public report which damages your businesses reputation, will be covered as well.
Loss of income as a result of a Cyber attack is a major reason why Cyber insurance should be taken.
Under your standard business property policy, there is a requirement called a “damage provision”. For this cover to pay, and insured event eg Fire, Storm must occur first.
With Cyber attacks, none of this happens, hence your traditional property policy does not respond.
What you do need is a properly structured Cyber policy.
If the insured infringes a third party’s intellectual property rights, unintentionally defames them, breaches their privacy or is negligent in the publication of any content in electronic or print media, the policy will pay defence costs as well as any civil damages.
Expenses associated with a large data breach include:
It is clear that cyber risks are not intended be covered on traditional policies and also a review of various classes of traditional insurance policies shows there are numerous gaps in coverage (e.g. scope, definitions, exclusions etc.) for cyber risks.
Below are some examples why a separate Cyber policy is required:
Traditional insurance policies do not cover or respond to cyber risk.
This in turn leaves businesses exposed.
To become unexposed, talk to Business Insurance Specialists.