Cyber Insurance

With a number of high-profile data breaches and ransomware attacks constantly hitting the headlines (such as 2017’s WannaCry and NotPetya attacks), it has never been more important for businesses of all sizes to consider cyber insurance products.

With the global cyber insurance market projected to be worth $15bn by 2022, as a business owner, it’s important that you have the correct cyber insurance cover in place to give your data and IT equipment the protection that it deserves.

Read on to find out how HISL Brokers Limited can help to protect your business with stand-alone cyber insurance policy. 

Your expert Gateway to the Lloyd's and London Market

What is cyber insurance?

Cyber insurance provides protection in the event that data breaches or malicious cyber hacks affect your computer systems and networks. It is also known as cyber liability insurance or cyber risk insurance.

As a business owner you are responsible for the cyber security of your business and having a policy in place can ensure you’re protected if the unthinkable happens. Just think, if an attack occurred, would you be able to cover the risks of business interruption, loss of income, the cost of repairing damaged software, or even the damage to your reputation and regulatory enforcement?

Do I need cyber insurance?

Regardless of whether you are operating as a sole trader or you are the owner of an SME or a much larger operation, having cyber insurance in place will help to ensure that your business can continue operating in the event of a cyber-attack taking place.

In today’s world, it’s likely that businesses of any size will rely on a certain amount of IT infrastructure in order to operate, and will use, send or store electronic data. As this is likely to be sensitive in nature (especially if it relates to customer information and banking details), your business could benefit from the financial protection that cyber insurance provides, especially if things do go wrong and you are unfortunately the victim of a cyber-attack or data breach.

Types of cyber insurance policies

If you are the unfortunate victim of a cyber-attack and have a cyber insurance policy in place, your insurer is likely to provide cover for the financial and reputational costs of the first-party (the business involved) and third-party (claims made against you).

A typical cyber insurance policy can provide cover for the following:

Your business:

  • The cost of investigating the cyber-crime that has taken place.
  • Recovering any data lost in the breach.
  • Restoring your computer systems and network.
  • Any loss of income that occurs as a result of the business not being able to operate.
  • Extortion payments demanded by hackers.
  • Reputation management.
  • Theft of any money or digital assets.
  • The cost of educating and training your staff in order to avoid the risk of further cyber-attacks in the future.
  • Installing a new or upgraded cyber security system.

Third-party claims:

  • The cost of legally defending yourself against GDPR breach claims.
  • The cost of damages and settlements.
  • Loss of third-party data.

These are just examples of some of the types of cyber insurance policies that we look after at HISL Brokers Limited. As we know that no two businesses are the same, speak to us today to find out which policies will best meet your needs.

The cost of cyber insurance

At HISL Brokers Limited we understand that cost is important to your business, but it is crucial to ensure that you are properly protected in line with the risks your business faces. With that in mind, we will take the time to understand the specific needs of your business and recommend the amount of cover that is best suited to you.

What else do I need to know about cyber insurance?

There are several types of online criminal activity that could affect your business’ ability to stay afloat. These types of cyber-crimes include:

  • Malware: This is a type of malicious software that is usually installed on your system via a phishing scam, as well as software vulnerabilities being exploited. After it has been installed and your system has been infected, the cyber hacker will be able to steal your private or sensitive data, as well as spy on your online activities.
  • Ransomware: This is a specific type of malware that will encrypt data after attacking your computer system. Following this, the cyber hacker will demand that you make a ransom payment for the data to be returned.
  • Hacking: This involves the complete or partial acquisition of a computer system in order to access data.

 

As part of your cyber liability policy you may be required to create a cyber-risk profile. This will show your insurer what your current cyber security situation is, so that they have a better understanding of your threat level and what you may need to claim for, and may include any expenses you would incur in the event of a hack, or third-party costs as part of the subsequent investigation.

It is also important to be aware that although a cyber-crime insurance policy can help to make the recovery process following a data breach more straightforward, it may still take several days, weeks or even months for your business to completely get back to normal. Luckily, many insurers offer technical assistance as part of their cyber insurance policies in order to give you a helping hand at what is likely to be a stressful time.

How can I get cyber insurance?

HISL Brokers Limited have a team of specialist advisers ready to help you get the right protection in place for your business.  

We will take the time to understand the specific needs of your business and are committed to delivering a completely personalised service, ensuring that you have the best possible cover at the best possible price.

To find out how much peace of mind costs, contact Paul Kerner and team by calling: (0)20 7220 9020.

For a greater understanding of how the policy is constructed please see the following breakdown.

3rd Party cyber

Covering our insured in respect of damages/costs incurred in respect of claims for failure to protect against a computer network attack, transmission of a virus and/or unauthorised access.

Claims example(s):-

A large retail group had its gateway server accessed when a hacker stole credentials from a third party vendor. It was reported that, by using malware, hackers stole data from up to 40 million finance card holders – names, card numbers, card expiry dates and security codes

A HR recruitment company accidently attached the wrong file when sending an email to four job applicants- the file included demographic data comprising of over 40,000 former employee names, addresses and ID numbers. The claim took the format of loss following a privacy breach (in some cases this falls under an E&O policy however in this particular instance the loss was paid under the cyber policy)

Hackers gained unauthorised access to account information located on a school district’s network due to an unknown vulnerability. The account information included names, email addresses, national ID numbers, and financial account information of 20,000 past and present faculty and students. After multiple students and teachers reported suspicious activity on their email, IT discovered that an unauthorised user was in the system.

1st Party cyber

If an insured suffers a hack / data breach it takes time and money to fix; it disrupts business, leads to lost revenue and can lead to a regulatory fine. This can be protected against.

Claims example:-

Hackers accessed an insured computer system and encrypted a number of folders. A ransom demand was made. Insurers responded by sending in a forensic IT firm to investigate the breach and restore the network. In this instance it was a restaurant that was hacked preventing them for accessing their point of sale registers but this could happen in any field eg hospitals, banks, dentists, law firms

A loan aggregator suffered a denial of service attack which crippled its website for several days leaving it unable to trade. This presented a business interruption claim, costs for IT contractors to restore the systems and a PR nightmare! Insurance helped to mitigate each of these adverse events

An employee of a components manufacturing company clicked on a malicious link in an email and malware was downloaded onto the company server, encrypting all information. A message appeared on the employee’s computer demanding payment to be paid by Bitcoin within 48 hours in exchange for the decryption key

A law firm’s network was hacked which put sensitive client information potentially at risk including; a public company’s acquisition target, another public company’s prospective patent technology, the draft prospectus of a venture capital client, and a number of class-action lists containing plaintiffs’ personally identifiable information. The firm then received a call requesting payment to not sell the information on the black market. This could also form part of a 3rd party cyber claim however the first party cover dealt with the matter.