One Policy Can Help You Avoid It
For years, security professionals have been saying “either you have been data breached or you just do not know that you have been data breached.”
In today’s data-driven world organizations of all sizes have had a cyber attack or data breach and the average cost to rectify a breach has risen to $5.4 million. Just one stolen laptop, one resourceful hacker, one virus or even one lost paper record can create enormous financial and reputational consequences for your business.
It’s not a question of if your organization will suffer a breach, but when.
How can businesses better manage the risks related to a data breach and reduce the significant cost that can result from them?
The option of choice is to buy insurance.
Cyber Liability Insurance Cover (CLIC) has been available in the market for around 15 years, however most security professionals seem unlikely to have heard of it or know that it exists.
As the expense of dealing with a breach gets higher, the option of using CLIC becomes more attractive for many businesses, in much the same way that existing business insurance policies for fire, flood and theft are vital in their risk management planning.
In a recent report by Airmic www.airmic.com “Airmic Review of Recent Developments in the Cyber Insurance Market” the need for cyber risk insurance is put forward:
“Almost every organization is exposed to loss resulting from damage or destruction of its computers and computer networks, including any resulting loss of income or business interruption and/or increased cost of operation. Risks and potential losses associated with the use of computers can arise from first-party exposures and third-party exposures.
Historically, insurance policies such as property, liability and crime have not fully covered the risks associated with the IT infrastructure of the organization or the risks associated with non-tangible assets, such as data. However, with the growing dependency on technology and the heightened threat of unauthorized access to information, cyber risks have increased significantly and the insurance market has responded to these changes.
Many consider that cyber insurance is a relatively new, although well-established, product in the insurance market. Whilst this may be true, cyber insurance products are developing rapidly to address the evolving nature of cyber risks. It is often suggested that there is a similarity between the way in which cyber risk policies are developing and the development of Directors’ and Officers’ Liability (D&O) insurance during the 1980s and beyond.
There is increasing awareness in organizations of their liability for cyber risk exposures. As awareness increases, organizations are realizing that cyber risks are not solely concerned with the loss or unauthorized disclosure of personal data or information. There is a wide range of cyber risks, including those associated with business interruption and denial of service. Organizations need to take account of a broad agenda of cyber risks and then evaluate the potential for using insurance as a control mechanism.
Given that cyber risk exposures are increasingly important for organizations and given that the insurance market is keen to develop new products, this is an important time for Airmic to be undertaking this work. Also, there is an over-riding need for insurance buyers to liaise more closely with insurance providers to ensure that the products developed are fully relevant to the needs of large insurance buyers, such as Airmic members.”
A cyber policy can provide comprehensive cover for data restoration and rectification in the event of a loss no matter how it was caused and up to the full policy limits.
TEN REASONS why you most probably need cyber liability insurance:
- Data is one of your most important assets yet it is not covered by standard property insurance policies
Most businesses would agree that data or information is one of their most important assets. It is almost certainly worth many times more than the physical equipment that it is stored upon. Yet most business owners do not realize that a standard property policy would not respond in the event that this data is damaged or destroyed. A cyber policy can provide comprehensive cover for data restoration and rectification in the event of a loss no matter how it was caused and up to the full policy limits.
- Systems are critical to operating your day-to-day business but their downtime is not covered by standard business interruption insurance
All businesses rely on systems to conduct their core business, from electronic point of sales software to hotel room reservation systems. In the event that a hack attack, computer virus or malicious employee brings down these systems, a traditional business interruption policy would not respond. Cyber insurance can provide cover for loss of profits associated with a systems outage that is caused by a “nonphysical” peril like a computer virus or denial of service attack.
- Cyber crime is the fastest growing crime in the world, but most attacks are not covered by standard property, business interruption, liability or crime insurance policies
New crimes are emerging every day. The internet means that your business is now exposed to the world’s criminals and is vulnerable to attack at any time of the day or night. Phishing scams, identity theft, and telephone hacking are all crimes that traditional insurance policies do not address. Cyber insurance can provide comprehensive crime cover for a wide range of electronic perils that are increasingly threatening the financial resources of today’s businesses.
- Third party data is valuable and you can be held liable if you lose it
We all hold more data than ever before and often this data belongs to our customers and suppliers. Non-disclosure agreements and commercial contracts often contain warranties and indemnities in relation to the security of this data that can trigger expensive damages claims in the event that you experience a breach. Increasingly, consumers are also seeking legal redress in the event that a business loses their data. This risk is further heightened in the event that you hold any data on US consumers.
- Retailers face severe penalties if they lose credit card data
Global credit card crime is worth over $7.5bn and increasingly this risk is being transferred to the retailers that lose the data. Under merchant service agreements, compromised retailers can be held liable for forensic investigation costs, credit card reissuance costs and the actual fraud conducted on stolen cards. These losses can run into hundreds of thousands of dollars for even a small retailer. Cyber insurance can help protect against all of these costs.
- Complying with breach notification laws costs time and money
Breach notification laws are slowly being introduced across many different countries. These generally require businesses that lose sensitive personal data to provide written notification to those individuals that were potentially affected. Even though a legal obligation to notify only currently exists in some countries, this is changing and there is a growing trend towards voluntary notification in order to protect your brand and reputation. Customers who have had their data compromised expect openness and transparency from the businesses they entrusted it with. Cyber policies can provide cover for the costs associated with providing a breach notice even if it is not legally required.
- Your reputation is your number one asset, so why not insure it ?
Any business lives and dies by its reputation. Although there are certain reputational risks that can’t be insured, you can insure your reputation in the event of a security breach. When your systems have been compromised, you run a risk of losing the trust of your loyal customers which can harm your business far more than the immediate financial loss. Cyber insurance can not only help pay for the costs of engaging a PR firm to help restore this, but also for the loss of future sales that arise as a direct result of customers switching to your competitors.
- Social media usage is at an all-time high and claims are on the rise
Social media is the fastest growing entertainment channel in the world. Information is exchanged at lightning speed and exposed to the world.. But often there is little control exercised over what is said and how it is presented, and this can give rise to liability for businesses who are responsible for the actions of their employees on sites such as LinkedIn, Twitter and Facebook. Cyber insurance can help provide cover for claims arising from leaked information, defamatory statements or copyright infringement.
- Portable devices increases the risk of a loss or theft
The advent of portable devices and the ability to work away from the office has made life a lot easier for many of us. However, this new style of working also means that important and confidential data can be stolen or lost much more easily. A laptop left on a train, an iPad stolen in a restaurant, or a USB stick going missing are all good examples. In addition, the devices themselves are being targeted with a growing number of viruses being built just for them. Cyber insurance can help cover the costs associated with a data breach should a portable device be lost, stolen or fall victim to a virus.
- It’s not just big businesses being targeted by hackers, but lots of small ones too
Whilst the large-scale hack attacks on the news often involve big companies, small companies are also at risk and often don’t have the financial resources to get back on track after a hacking attack or other kind of data loss. In fact, over a third of global targeted attacks were aimed at businesses with less than 250 employees. Cyber attacks are quickly becoming one of the greatest risks faced by smaller companies, making cyber liability insurance a must. It can help protect smaller companies against the potentially crippling financial effects of a privacy breach or data loss.
What is cyber liability insurance cover (CLIC) ?
The term “cyber liability insurance cover” is often used to describe a range of covers – in very much the same way that the word cyber is used to describe a broad range of information security related tools, processes and services.
Cyber liability insurance cover can include;
Data breach/privacy crisis management cover. For example, expenses related to the management of an incident, the investigation, the remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines.
Multimedia/Media liability cover. Third-party damages covered can include specific defacement of website and intellectual property rights infringement. Extortion liability cover. Typically, losses due to a threat of extortion, professional fees related to dealing with the extortion.
Network security liability. Third-party damages as a result of denial of access, costs related to data on third-party suppliers and costs related to the theft of data on third-party systems.
How to buy cyber liability insurance cover
Start with the basics
For many insurers and even for brokers, the technicalities of information security and the details of how to deal with a data breach are still a mystery. The market for cyber liability products is also in its infancy, so be prepared to work with your provider to ensure that you get what you actually require.
Getting the right broker is important. A good specialist broker will save you time in determining what is right for your business, remembering that this may not be the broker you are currently using for your non-cyber risks.
Selecting the right policy for your business, business model, industry, size, exposures and so forth is a very complex exercise, which is why a specialist broker is important, as they are likely to know the best products to suit your needs.
It is important to understand the support you receive as part of the cover. Remember that your organization may not have the people or experience to manage a data breach incident. So third-party suppliers can often be a better route to take.
How we can keep you protected
At EXL, maybe one of the saddest moments in the course of our business is when a client who did not have cyber insurance has suffered a data breach (perhaps we didn’t press hard enough, so sorry!). When data are lost, it’s gone, lost for ever. When personal information falls to the wrong hands, people’s bank accounts, identities, sometimes even lives, can be put in jeopardy. Just imagine medical records.
We offer a wide range of risk consulting and insurance services in order to assist companies plan, manage, and mitigate exposures relating to cyber risks, either across the office or across the globe.
In our decades-long careers, both individually and collectively, we have learned the importance of listening. We need to take a long, hard look at your IT business in order to negotiate on your behalf the best coverage for your needs at the most affordable cost in the international market. We will stick to a mutually agreeable service plan and should you become eligible for a claim our experience and industry expertise ensures that you will be properly represented, and your interests fully protected. Mind you, we work for you, not for the insurance company.
Cyber risks protection is a cops and robbers “game”, a never-ending struggle.
Unfortunately, robbers are in the lead – some say, they are the same people who produce computer security software.
We say, cyber insurance completes your protection and most likely you shouldn’t be without, but we would like to hear from you.