Cyber Insurance is used to protect a businesses balance sheet from both digital and physical cyber risks, and more generally from risks relating to data, and information technology infrastructure.
A basic Cyber Insurance policy provides 3 areas of cover:
This involves the expenses of an investigation by third parties to establish the extent of a cyber event; consultation on how to manage legal and regulatory issues; notification management via a crisis communication strategy; the establishment of a call center to field queries; and the provision of credit monitoring.
This covers defence costs arising from data protection obligations in respect of a regulatory investigation, and any data protection fines (where insurable by law) that the company is legally liable to pay in respect of such regulatory investigation with regards to a breach of data protection legislation.
Affected individuals or businesses will bring claims or written demands for a failure to protect their information, seek compensation for financial losses from hacking, or damages from theft of identity. Cyber Insurance can provide defence costs and any resulting damages from multi-jurisdictional claims.
This takes into account the increased operational costs and reduction in profits as a result of a cyber event. This is known as non-physical damage business interruption, which is excluded from property insurance.
If an organsiation is answerable to the Payment Card Industry Data Security Standards (PCI DSS) there can be heavy penalties in the event of a breach. These costs can be covered by this extension to coverage.
Should a third party service provider suffer a cyber event that impacts the businesses networks, systems or data then this extension can provide invaluable protection for resulting costs, expenses and lost profits.
It is not just cyber security events that can be covered by Cyber Insurance, it is also possible to cover System Failure events. These can result in significant costs and expenses to rectify, claims from customers, loss of profits as well as damage to reputation.
Extortion events are increasing exponentially, with the rise of data ransoming and cyber squatting, costs in managing a cyber-extortion situation, and the ransom itself is a critical element of Cyber Insurance.
Damages and defence costs incurred in connection with a breach of third party intellectual property, or negligence in connection with electronic content is a coverage which Cyber Insurance provides.
Cyber Essentials is a UK Government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats. Implementation of Cyber Essentials controls can significantly reduce the risk of prevalent but unskilled cyber-attack. There are two types of certification:
Requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.
Offers a higher level of assurance through the external testing of the organisation’s cyber security approach.
The UK Government have nominated 4 Accrediting bodies to provide certifications to the cyber essentials scheme. Elmore works with APMG, CREST, and QG Standards. Each accreditation body has a list of agreed certifying bodies that validate the application process.
To get a Cyber Essentials Certificate, Elmore have affiliation with a number of Certification bodies. To learn more about this proccess, get in touch.Get Cyber Essentials
Cyber Essentials sets out five security controls which will help all organisations protect themselves against the most common cyber threats. Take this quick test to give you an idea of how you measure up. You can then decide whether to apply for one of the Cyber Essentials badges.Measure my cyber security
Use the UK Information Commissioner’s Office (ICO) toolkit to assess your compliance with the UK Data Protection Act and help you improve and promote information rights practices in your organisation. Please note the toolkit does not store user responses.Measure my data compliance