Cyber Insurance is used to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities.
A basic Cyber Insurance policy provides 3 areas of cover:
This involves the expenses of an investigation by third parties to establish the extent of the breach; consultation on how to manage legal and regulatory issues; notification management via a crisis communication strategy; the establishment of a call center to field queries; and the provision of credit monitoring.
This covers defence costs arising from data protection obligations in respect of a regulatory investigation, and any data protection fines (where insurable by law) that the company is legally liable to pay in respect of such regulatory investigation with regards to a breach of data protection legislation.
This tends to impact some months later. Affected individuals or businesses will bring claims or written demands for a failure to protect their information, seek compensation for financial losses from hacking, or damages from theft of identity. Cyber Insurance can provide defence costs and any resulting damages from multi-jurisdictional claims.
There are additional areas of coverage available in a Cyber Insurance policy, not included as standard:
This takes into account the increased operational costs and reduction in profits as a result of a cyber event. This is known as non-physical damage business interruption, which is excluded from property insurance.
If an organisation is answerable to the Payment Card Industry Data Security Standards (PCI DSS), there can be heavy penalties in the event of a breach. These costs can be covered by this extension to coverage.
Should a third party service provider suffer a cyber event that impacts the business's networks, systems or data, this extension can provide invaluable protection for resulting costs, expenses and lost profits.
It is not just cyber security events that can be covered by Cyber Insurance; it is also possible to cover System Failure events. These can result in significant costs and expenses to rectify, claims from customers, loss of profits and damage to reputation.
Extortion events are increasing exponentially with the rise of data ransoming and cyber squatting. Cover for the costs of managing a cyber-extortion situation, and for the ransom itself, is a critical element of Cyber Insurance.
Cyber Insurance provides coverage for damages and defence costs incurred in connection with a breach of third party intellectual property, or negligence in connection with electronic content.
Cyber Insurance is one important part of a comprehensive insurance programme. It is likely that existing insurance arrangements will have elements of cyber cover but may not provide coverage against all the different scenarios in which a serious cyber event can impact a business. Contact Elmore to undertake a gap analysis comparing your existing cover with cyber cover to see how you are covered.
Cyber Essentials is a UK Government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats. Implementation of Cyber Essentials controls can significantly reduce the risk of prevalent but unskilled cyber-attack. There are two types of certification:
Requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.
Offers a higher level of assurance through the external testing of the organisation’s cyber security approach.
The UK Government have nominated 4 Accrediting bodies to provide certifications to the Cyber Essentials scheme. Elmore works with APMG, CREST, and QG Standards. Each accreditation body has a list of agreed certifying bodies that validate the application process.
To get a Cyber Essentials Certificate, Elmore have affiliation with a number of Certification bodies. To learn more about this process, get in touch.
Cyber Essentials sets out five security controls which will help all organisations protect themselves against the most common cyber threats. Take this quick test to give you an idea of how you measure up. You can then decide whether to apply for one of the Cyber Essentials badges.
Use the UK Information Commissioner’s Office (ICO) toolkit to assess your compliance with the UK Data Protection Act and help you improve and promote information rights practices in your organisation. Please note the toolkit does not store user responses.