What Is Cyber Insurance And What Does It Cover
Cyber insurance is used to protect a business’s data and technology from a range of different types of cyber event. Having cyber insurance will not stop a cyber event but it will help a business respond and minimise the impact when it happens.
Elmore Cyber Insurance USP’s
More Than 60% Of Cyber Incidents Are Due To Human Error
Human error is often cited as the main cause of cyber events occurring. Providing suitable
training to staff can prevent a cyber event happening.
A Basic Cyber Insurance Policy Provides
3 Areas Of Cover:
This involves the incident response expenses of an investigation by third parties to establish the extent of the breach; consultation on how to manage legal and regulatory issues; notification management via a crisis communication strategy; the establishment of a call center to field queries; and the provision of credit monitoring.
This covers defence costs arising from data protection obligations in respect of a regulatory investigation, and any data protection fines (where insurable by law) that the company is legally liable to pay in respect of such regulatory investigation with regards to a breach of data protection legislation.
This tends to impact some months later. Affected individuals or businesses will bring claims or written demands for a failure to protect their information, seek compensation for financial losses from hacking, or damages from theft of identity. Cyber Insurance can provide defence costs and any resulting damages from multi-jurisdictional claims.
There are additional areas of coverage available in a
cyber insurance policy, not included as standard:
This takes into account the increased operational costs and reduction in profits as a result of a cyber event. This is known as non-physical damage business interruption, which is excluded from property insurance.
PCI Fines and Awards
If an organsiation is answerable to the Payment Card Industry Data Security Standards (PCI DSS) then there are heavy penalties in the event of a breach. These costs can be covered by this extension to coverage.
Should a third party service provider suffer a cyber event that impacts the businesses networks, systems or data then this extension can provide invaluable protection for resulting costs, expenses and lost profits.
It is not just Cyber Security events that can be covered by Cyber Insurance, it is also possible to have a System Failure which can result in significant costs and expenses to rectify, claims from customers, loss of profits as well as reputation.
Extortion events are increasing exponentially, with the rise of data ransoming and cyber squatting, costs in managing a cyber-extortion situation, and the ransom itself is a critical element of cyber insurance.
Digital Media Liability
Damages and defence costs incurred in connection with a breach of third party intellectual property, or negligence in connection with electronic content is a coverage which Cyber Insurance provides.
Cyber insurance typically covers business interruption loss upto the point of system restoration, however a reputation impact can last for many months longer, this covers the lost income during the reputation period.
First time buyers of cyber insurance need to consider buying an extended discovery period, as often hackers can be inside a network without knowledge and this may not be covered unless specifically extended.
Costs to seek information and obtain the identity and whereabouts of the persons responsible for causing loss, including hacker bounties to buy more time or extend hacker ransom demands or deadlines.
The Cost Of A Data Breach
The 2019 Ponemon Institute Cost of a Data Breach Report sponsored by IBM states the number one factor that influences the cost of a data breach is utilising the services of an incident response team (such as the one covered by a cyber insurance policy) see figure 19 in the attached report.
Do You Know How Much A Data Breach Could Cost Your Business
The World Economic Forum has stated cyber security as being one of the top 5 risks facing business. It is important to understand and quanitfy what financial implications a data breach can cause a business.
With a Cyber Essentials certificate (or equivalent information security certification), Elmore can arrange a more competitive Cyber Insurance policy.
Cyber Essentials Accreditation Bodies
The UK Government have nominated 4 accrediting bodies to provide certifications to the Cyber Essentials scheme. Elmore works with APMG, CREST, IASME and QG Standards. Each accreditation body has a list of agreed certifying bodies that validate the application process.
Measure My Cyber Security
Cyber Essentials sets out five security controls which will help all organisations protect themselves against the most common cyber threats. Take this quick test to give you an idea of how you measure up. You can then decide whether to apply for one of the Cyber Essentials badges.
Measure My Data Compliance
Use the UK Information Commissioner’s Office (ICO) toolkit to assess your compliance with the UK Data Protection Act and help you improve and promote information rights practices in your organisation. Please note the toolkit does not store user responses