Technology, social media and transactions over the Internet play key roles in how most organizations conduct business and reach out to prospective customers today. Those vehicles also serve as gateways to cyberattacks. Whether launched by run-of-the-mill hackers, criminals, insiders or even nation states, cyberattacks are likely to occur and can cause moderate to severe losses for organizations large and small. As part of a risk management plan, organizations routinely must decide which risks to avoid, accept, control or transfer. Transferring risk is where cyber insurance comes into play.
Cyber insurance responds to for both first and third parties losses triggered by a cyber attack giving rise to either a security event or a privacy event. This insurance also covers the costs of defending any third party claims. There are a range of potential losses from a cyber incident which include:
- Forensic investigation costs
- Data and/or software restoration
- Legal costs
- Crisis management
- Business interruption
- Direct financial losses
Any organisation could be vulnerable to a data breach or loss of services if they:
- Hold sensitive customer data
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)
- Payment Card Information (PCI)
- Are reliant on computer systems to conduct business operations
- Have a website
The numbers indicate that organizations are seeing a need for cyber insurance, but what does it cover? Cyber insurance typically covers expenses related to first parties as well as claims by third parties. Although there is no standard for underwriting these policies, the following are common reimbursable expenses:
- Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement and the FBI.
- Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
- Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
- Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.
Talk to us about Cyber Insurance
If you need advice on Cyber Insurance, get in touch today.