The Handbook for Cyber Insurance

Cyber Insurance protects both individuals and business from the devastating financial consequences of a cyber attack. Cyber risk is increasing due the massive explosion in IT Data. The resultant data breaches are now becoming a regular event and a cyber insurance policy will protect you against Cyber liability and other costs.

The increase in the volume of IT Data known as Digital Assets and the communication over the internet we have had in the past twenty years has been extraordinary. This is good, but the risks entailed with all this communication and digital data is sometimes not fully appreciated.

Both business and personal information is close to the most important asset of a business or individual as it shows a roadmap of your business or life. Data provides details of what you do, how you do things, your customers or suppliers information, and your own personal and friends lives.

We keep all this data in our computer, laptop, mobile phone or in the cloud.

Cyber Insurance video

To gain an initial better and quick understanding of Cyber insurance, watch this video below.

What are examples of Cyber Risks?

The financial costs of losing control on your data through either malicious or accidental actions include:

  • Your data being used maliciously - this could be done by someone external or even internal to an organisation.
  • Loss of income through not having access to the data
  • Having your data held to ransom with resultant extortion and negotiation costs, remembering that the person you are negotiating with, does not care about you or your situation
  • IT Consultant costs - to identify the issue, rectify it, and mitigate the chance of it happening again.
  • Public Relation costs to rebuild your business, brand and reputation
  • Potential Third Party claims from persons including your clients or suppliers, from your data being held and used fraudulently by the criminal party
  • Legislative government and regulatory requirement costs
  • Credit monitoring costs to monitor both your own and any client data lost or stolen
  • Cyber attacks from third parties, and administrative errors in-house are becoming regular everyday events which can and do leave both businesses and individuals in financial difficulty.
    .

What are different names for Cyber Insurance?

Cyber coverage is evolving as a relatively new type of insurance and has been called different terms such as:

  • Cyber Crime
  • Cyber Security
  • Cyber Liability
  • Privacy Protection

Our preference is to simple call this Cyber insurance as the exposures from Cyber encompass First Party, Third Party, and Loss of Income exposures and the risk itself should be looked at in totality.

What types of risk does a Cyber policy cover?

Cyber insurance coverage provides coverage for your own First Party costs, resultant Business Interruption loss of income, and Third Party liability and Regulatory costs and fines.

First Party Loss

First Party cyber insurance protects you as a result of a data breach. This includes immediate guidance on how to respond to a Data Breach.

Cyber insurance policies provide 24/7 assistance to you. Both your own internal or appointed IT consultant and the insurer’s IT Cyber Security expert can act immediately knowing that your costs relating to the incident are insured.

These costs can include:

  • IT Forensic costs
  • Recovering or replacing data records
  • Cyber extortion or ransom
  • Public Relations and Crisis Management costs
  • Credit monitoring costs of you and others
  • Costs arising from working with Government regulator investigations
    .
Loss of Income

Loss of income as a result of a Cyber attack is a major reason why Cyber insurance should be taken. Business interruption and extra expenses covers your lost income, investigation and mitigation expenses.

Depending on the nature of the breach, lost productivity can also occur due to your IT being pulled off one of your existing projects to help identify the source of a breach and assisting in fix it.

Third Party Costs

Businesses are responsible for the data they hold and maintain. If the data of others, being Third Parties, is affected the business can find itself under pressure from both clients, suppliers and government agencies.

Third Party Cyber protects businesses from legal damages and costs associated with a Cyber incident. These costs can be for:

  • Intellectual Property Right infringements
  • Breach of Privacy
  • Breach of Confidential Information
    .

Do my other insurance policies cover me for Cyber or Data loss?

In short, they do not provide Cyber cover.

Due to the nature of a Cyber or Data loss, other insurance policies you normally have such as Business, Liability, Breakdown, Directors and Officers (Management Liability) and Crime do not provide this cover. Cyber risks are covered by a Cyber policy, and not covered by your other traditional insurance policies.

Explanations as to why your traditional policies do not provide this coverage are provided here.

Business

Business policies restrict coverage to Damage and/or Loss of use of tangible physical property resulting from an insured peril. If an insured peril has occurred, this allows the business to also claim for loss of income. Typical insured perils are Fire, Storm, Malicious Damage or Theft.

As a Cyber Attack relates to damage or loss of Electronic Data and not physical contents or stock, a business insurance property policy does not provide Cyber cover.

A very standard exclusion in a Business policy reads that the insurer will not be liable for any loss or liability arising out of:

  1. Total or partial destruction, distortion, erasure, corruption, alteration, misuse of Electronic Data
  2. Error in creating, amending, entering, deleting or using Electronic Data, or
  3. Total or partial failure to receive, send, access or use Electronic Data for any time or at all.
    .
Public Liability

Liability policies require either a Property Damage or Personal injury incident to occur to a Third Party. A Cyber Attack by its very nature will not involve actual Property Damage of physical contents or stock or Bodily Injury. Another issue is that Liability insurers have applied Data exclusions that exclude coverage arising from a Cyber event.

Breakdown

Equipment polices do have optional extensions called Reinstatement of Data. This relates to Loss of Data as a result of events such as Fire, Damage or Breakdown, and Computer Virus. A Cyber incident would not be covered.

Crime

Standard crime policies require direct loss through employees stealing monies or tangible property. As data is separate to this, a standard crime policy does not provide this cover.

Management (Directors and Officers) Liability

Management Liability policies provide protection to directors and management for their business decisions in the operation of a business. These policies will also contain data security breach exclusions.

Professional Indemnity

Professional provides cover for a business providing a service as per your business description, for a fee, and a wrongful act occurring. Unless you were a consultant who is giving advice relating to Data Security and your advice was found to be negligent, then a Professional.

Have there been any Class Actions in Australia relating to Cyber Risk?

Australia has just concluded our first class action judgement relating to Cyber Risk. In December, 2019, a Cyber class action was settled for $ 275,000 between NSW Ambulance and all of their 130 employees and contractors with details of this incident provided below.

As a company director, does my Directors and Officer’s insurance insure me for Cyber risk?

It is important to realise that your Directors and Officers Liability policy does not cover Cyber risk, and you do need a separate Cyber policy.

To gain some perspective on the impending issues that will be faced by boards of Australian companies in the near future we refer to the Equifax data breach. This was settled in January, 2020, with the company to spend up to USD 500 million in payments to class members. Additional costs already were USD 1 billion to improve data security, plus credit monitoring retail costs of USD 5 billion.

Can I get personal Cyber Insurance?

You can obtain Cyber insurance under a good Home insurance policy with Identity Theft coverage. Identity Theft is when your identity is stolen and then used for criminal purposes.

In the past, people would steal your identity from your postal box. Now they do this on-line through the internet. Identity Theft is a common issue arising from Data breaches for individuals

To assist in determining if your identity may be at risk of been stolen, we recommend you insert one of your passwords into the following reputable Troy Hunt site - www.haveibeenpwned.com . If your password is located, then someone in the Dark Web may have access to your password and is either most likely using it or will try to use it. We then strongly suggest you change your password(s) immediately and review some password generation software to assist.

Some better home policies do provide cover for Identity Theft (or personal Cyber) cover and depending upon the policy you can be insured for:

  • Costs of notarising affidavits or similar documents for agencies, financial institutions and others
  • Loan application fees for reapplying of loans incorrectly rejected
  • Lost earnings due to time of work in order to complete fraud affidavits
  • Reasonable legal costs to defend yourself against suits by businesses, or collection agencies, or removing criminal or civil judgements, or rectifying consumer credit reports.
    .

Steps to take to reduce Cyber risk?

One of the initial steps to take to reduce your Cyber risk is through taking a Cyber policy.

By having a Cyber policy in place, in the event of an incident, you can take advice from expert Cyber Security consultants who will work with your IT person or team to take control.

We are Cyber insurance broker experts, and can provide a competitive quotation for this cover. Please contact us for a no-obligation quotation.