Insurance companies are beginning to offer cyber insurance as a standard service to businesses. But, what does cyber liability insurance cover, and why should organisations doing business online consider taking out appropriate protection?
Cyber insurance, or cyber liability insurance is designed to cover the modern day risks associated with electronic data, communications and information. Most businesses are reliant on computers, software and electronic devices for processing and transmitting data. This makes you vulnerable to data breaches, distortion or loss, libel or slander, copyright, viruses, hacking, etc. The source of the problem does not have to be external hackers or viruses, it could be your own staff accidentally losing or deliberately stealing data or equipment.
What does Cyber Insurance cover?
Cyber Insurance can cover you for first party losses (damage or loss of your own data, etc) and third party losses (damage or loss to someone else's data, etc).
The cyber insurance risk can further be split into two main areas:
Unauthorised use of your network and / or the theft of data. This can be committed by external hackers, employees, ex-employees, contractors, etc and can result in damage to your network and software, loss of data, theft of data, corruption of data, fraud, website damage, viruses on your network or spread of viruses to other networks.
- Disclosure or theft of private or personal information. This can be deliberate or accidental and can result in breach of government, governing body or industry regulations
"Every day, all around the world, thousands of IT Systems are compromised. Some are attacked purely for the kudos of doing so, others for political motives but most commonly they are attacked to steal money or commercial secrets. My experience suggests that in practice, few companies have got this right."
"And if your company doesn't have it right, your IT systems might already have been compromised, attackers could already have your new product plans, bidding position or research; they may already be running your process control systems!"
Why do I need Cyber Insurance?
If your business suffers a cyber security or personal information breach the results could be catastrophic. The obvious cyber liability fear would be the loss of your own data but there are also the consequences of losing a customer's data or contaminating them with a virus. Then, just as devastating, would be the loss of trust, loss of reputation and legal penalties you could face.
What will Cyber Insurance pay for?
A comprehensive cyber insurance policy can cover damages and defence costs following a breach of data, contamination of third party data, theft of data, fines and penalties and third party intellectual property. It can also cover costs of extortion, loss of profits, notifying customers and reputation management. Therefore, more and more businesses carrying out risk assessments are realising the importance of cyber insurance.
Why should your supply chain have Cyber Insurance?
You can control your own business to minimise your exposure, but what about those businesses your work and trade with? Your supply chain might be the back door which lets viruses in and data out. A sensible move is to request that businesses in your supply chain also take out cyber insurance that will pay out if they damage your business. You may also want to see evidence of their safe cyber security procedures, which can be evidenced by accreditations such as IASME.
What can be done to reduce cyber threats?
Sensible electronic, physical and cultural steps should be taken within your business to minimise the risk. Working towards the IASME certification is a very achievable way of improving security and demonstrating to others that you are a safe company to do business with. GCHQ has recently released a publication called "10 steps to cyber security"