Our reliance on all things digital and the ever-growing interconnectivity of devices and operating systems is resulting in a convergence of risks. More and more information is being created and stored online increasing the opportunity for a cyber incident. This emerging risk will continue to develop and evolve as individuals and organisations utilise technology both at home and at work to improve communication and processes.
Cover for the costs associated with responding to a regulatory investigation (such as GDPR) arising out of a privacy event. This may include legal advice, notification costs, defence of regulatory action etc. The accompanying fines will be covered to the extent they are insurable by law.
The inability of a business to operate as a result of a cyber incident can be ruinous. The business interruption cover under a cyber policy helps to alleviate this effect by covering the loss of income and extra expense as a result of a security failure.
Cyber extortion has grown to be one of the most prolific type of attacks on businesses. A cyber insurance policy will cover the costs and expenses associated with an extortion event (e.g. Ransomware).
Many businesses are driven by the data that they hold. A cyber policy can cover the recreation or restoration of electronic data following a cyber incident.
Cover for claims from a third-party alleging infringement, libel, slander, copyright etc. resulting from online content disseminated by a company.
A policy will provide cover for any litigation arising from a cyber incident whereby confidential information has been disclosed or someone has gained unauthorised access resulting in a breach.
The way in which an organisation responds to a cyber event is critical in helping to ease and mitigate the potential implications. A cyber policy will include a variety of post incident services aimed at helping to steer a business through the crisis seeking to minimise damage to the balance sheet, consumers, and reputation.
These services may include:
Notification services, legal services, crisis management, PR, credit monitoring, forensic consultants.
Cyber insurance is designed to protect businesses from both online and offline cyber threats. It provides businesses with the vital support needed in a time of crisis to help mitigate the immediate effects of a cyber incident and to help a business back to its feet again.
Cyber risk is now accepted as a business risk. Whether you hold sensitive information (names, address or banking information) on your employees and clients or rely on computer systems to operate your business you are at risk of falling victim to a cyber incident.
Purchasing cyber insurance can demonstrate to clients and regulators that you are taking a robust approach to security and a mature approach to protecting your business. As cyber incidents become more prevalent, firms will be expected to have certain levels of protection in place and cyber insurance is a key component.
Cyber insurance and cyber security are very much complementary measures of a business’ cyber resilience. Neither one should be used in place of the other but rather applied in parallel to ensure the maximum protection.
Cyber incidents are not the preserve of financial institutions or large corporations. Increasingly small and medium size businesses are just as much at risk if not more so due to their often weaker cyber security and lower cyber awareness.