Understanding the implications of Cyber Insurance
One of the most frequent questions received by CCW Global in relation to corporate risk management is “what is Cyber Insurance, and why do we need it?” Organizations will understand why Employee’s Compensation Coverage, Professional Indemnity Insurance, and Public Liability protection are needed for the business – these covers are part of the routine risk management process and due diligence that businesses will implement in order to protect themselves against losses.
Cyber Insurance, however, is a relatively new development. Bridging the gap between traditional industrial age liability and indemnity exposures, Cyber Insurance has only really started to come onto the global insurance market in the last decade to face the growing risks of an always-on interconnected business environment. Worryingly, whilst 50% of corporate CEOs consider that they have adequate protection against a cyber event, analysis of their insurance cover indicates that only 10% in fact have the protection they believed.
From back office networks and services, CRM services, Internet of Things (IoT) implementation, and global financial platforms, through to cloud-based efficiency software, and personal mobile computing devices, most businesses rely heavily on technology as part of their daily operations. While most IT departments are well aware of the challenge faced by malware, ransomware, and malicious hacking events, dealing with these events is often an unknown – at least until an organization is the victim of a cyber-crime.
Cyber Insurance products are designed as robust multi-faceted solutions to provide pre- and post-incident support to businesses against the growing threat of cyber events (whether intentional or inadvertent) and ensure operational continuity throughout any cyber event.
So what does Cyber Insurance look like?
Tailored coverage solutions based on business needs
Cyber Insurance products, as they currently exist in the Asian market, are not “one size fits all” policies. A cyber insurance plan should be tailored to meet the specific needs of an organization with premiums based on the comprehensiveness of the coverage, the annual revenue of the organization being covered, and the industry that organisation is in.
Choosing coverage benefits
Depending on a company’s needs, a single cyber insurance product can be a single benefit policy or include all possible covers against all possible cyber events that the business may face.
Coverage benefits on offer through a number of international insurance companies include:
> Business Interruption
> Data Loss and Restoration
> Incident Response and Investigation
> Legal Costs, including contractual indemnity
> Crisis Communications and corresponding costs
> Data Liability
> Privacy Liability
> Network and Data Extortion
> Regulatory Enforcement costs
Depending on the type of business being covered, some of these coverage benefits may not be needed, while others will prove especially valuable.
It is important to be aware that a cyber breach can in certain circumstances lead to physical loss or damage; there have been examples of this in various parts of the world. Most cyber policies exclude liability for property damage and personal injury but some physical damage policies exclude liability for cyber related losses. It is important, therefore, that risk managers make sure that there is not a gap in coverage in their insurance cover.
Real world implications for cyber concerns
In an ever-connected digital business environment, cyber insurance can be triggered by real world non-cyber incidents. A senior executive having their smartphone or laptop stolen can be a concern which, traditionally, has not been insured outside of normal property insurance policies.
However, if the stolen device has sensitive corporate data on it, there is the possibility that this could be leaked to criminals, competitors, or even the general public. Under the most robust Cyber Insurance plans a real world situation such as the theft of a valuable corporate device can lead to coverage being triggered under a range of benefits (including Data Liability, Privacy Liability, and Business Interruption).
Comprehensive 24/7/365 incident management
Most companies are not in the business of IT/Cyber event management. That is to say that dealing with the impact of a cyber event (like ransom ware being found on a corporate server, or a malicious hack that steals customer data) is not their normal business activity.
Cyber Insurance products are now providing comprehensive cyber event management support systems which can operate globally and are available through dedicated support lines with experienced claims handlers and emergency crisis management teams.
This is a core aspect of the evolution of Cyber Insurance away from simple hacking indemnity and ensures that the business is able to manage the incident effectively. Whether customer data has been stolen or the internal network is being held to ransom, the assistance provided by the product to enable the business to receive expert help from leading Forensic Investigators, Publicity Firms, and necessary Legal Expenses ensure that navigating the aftermath of a cyber attack is as efficient as possible.
Cyber insurance is not professional indemnity coverage
It is important to note that Cyber Insurance is not a form of digital Professional Indemnity Insurance. This means that a cyber insurance plan is not able to indemnify a business from claims of errors or omissions – a specific digital PI policy is needed outside of a cyber policy to cover these types of claims.
Why is cyber insurance necessary?
With the range of options available to willing and dedicated cyber criminals, it is a fact of life in the modern world that most businesses, at some point or other, will be the target of a cyber event. Whether that attack is successful or not can be determined by the comprehensiveness of the IT solutions the company has put in place and the robustness of the cyber management plan being implemented.
Unfortunately, a successful Cyber Attack can be crippling – especially from financial and reputational standpoints. Cyber Insurance is intended to supplement front line defenses by ensuring that support and financial assistance are available in a worst case scenario where an attack is successful. The average total cost of a cyber breach incident is currently estimated to be US$4 million; some predict it will exceed US$150 million by 2020. Losses and liabilities of this extent can very easily be business-ending events. So while you never want to bring a claim under your policy, knowing that you can will be invaluable should the need arise.
CCW Global Insurance is an expert Hong Kong Insurance Broker, providing a comprehensive range of insurance coverage options (including cyber-risk) to businesses globally, and locally in the HKSAR. http://hk.ccw-global.com/business-insurance/cyber-risks/