Does My Business Need Cyber Insurance?

One way of minimising the fallout from a cyber attack is to take out cyber insurance. With Scams Awareness Week fast approaching, we take a detailed look at what cyber insurance is and what it covers. We also consider whether your business is going to be one that should seriously consider cyber insurance.

What Is Cyber Insurance?

Cyber insurance is a form of insurance that provides cover for damage or loss caused by a cyber attack. This is a fairly new form of insurance that is evolving rapidly. There are several different types of cyber insurance products that offer cover for different aspects of a cyber attack. Some of these are detailed below.

• Cover for those directly affected by an attack (including electronic media liability and network security liability). Data theft, loss of service, online theft, extortion or hacking (for example of client accounts) can all be caused by a cyber attack. The victim(s) of the attack are entitled to compensation. Cyber insurance will cover these costs.
• Infringement of intellectual copyright due to a cyber attack. Infringement of copyright or trademarks.
• Cover for errors caused by others that have led to information being lost, stolen or destroyed. The cover also includes compensation for loss of reputation or negative publicity as a result of the data breach.
• Cover to reimburse a company for the expense and inconvenience entailed in dealing with a data breach. This might include reimbursement for managing poor publicity, a post-incident action plan and/or an investigation into the incident.

Cover may be first party or third party.

First-party insurance covers a company for damage that’s been inflicted on it due to a cyber attack or security breach of some sort.

In contrast, third-party insurance covers the employees, clients or partner companies that have been adversely affected due to a cyber attack on the business with whom they have a relationship.

For example, if a data breach by a healthcare facility led to patients experiencing identity theft, the healthcare provider’s third-party cyber insurance would provide reimbursement for damage that the breach had caused to patients.

In most cases, cyber insurance policies can be customised to meet the needs of the client – given that prices can vary significantly (and may run into thousands of dollars for large companies carrying out high-risk activities with a large client base), it’s important to find a broker that can create an insurance policy that’s suited to your circumstances.

Which Types Of Businesses Need Cyber Security?

Although it’s rare to find a business that doesn’t use the internet in some form or other, for some businesses the risk of a damaging cyber attack is relatively low. In most cases, the types of business detailed below don’t need cyber insurance:

• Small and medium businesses.
• Businesses that operate in a face-to-face, rather than a virtual environment.
• Businesses that favour cash payments rather than online or digital payments.
• Businesses that don’t operate transactions through their website.
• Businesses that collect no, or minimal, personal information about their clients.
• If their data security work is contracted out to a third party that has suitable cyber insurance in place.

That doesn’t mean these types of businesses don’t need to take precautions to reduce the risk of a security breach. It’s vital that every business is as proactive as possible in making sure its digital security is as good as it can be.

If your enterprise doesn’t fall within the categories listed above, whether to invest in cyber insurance ultimately comes down to an analysis of the possible cost of a cyber attack and the risk of one occurring. If both these variables are high, cyber insurance is necessary. Where one variable is high and the other much lower, insurance is recommended. Even if the cost to your business of a cyber attack would be low and an attack is unlikely, cyber insurance can provide welcome financial security and avoid the need for a cushion of savings to cover the effects of a cyber attack ‘just in case’.

High-risk enterprises are those that store large amounts of private information on multiple clients and have a system that is accessed by multiple users. Hospitals, healthcare practices, dentists and similar enterprises should definitely consider cyber insurance.

Another high-risk category includes businesses that have a significant amount of commercially sensitive and/or trademarked material in the digital arena. A large number of industrial facilities fall within this category.

Cyber attacks are a big risk for banks and other financial institutions, as well as accountants, solicitors and other professionals.

For companies operating e-commerce platforms and/or that accept payments online, cyber insurance could protect them from the fallout if hackers steal client payment details.

The larger the company, the greater the amount of damage a cyber-attack could cause.

Liability Insurance Covering Cyber Insurance

Liability insurance protects your company in the event that you’re sued by a third party. This type of insurance protects your company from being sued for various categories of events, that can be tailored to your activities and level of risk. Cyber insurance can be included in liability insurance cover, ensuring that if a third party sues your company for damage or loss resulting from a data breach for which you can be held responsible, the costs of successful legal action are covered.

Digital information storage and transfer is now a key part of most businesses’ activities, making the risk of a cyber attack almost impossible to eliminate. With the number of cyber attacks growing year on year, can you afford to risk remaining unprotected? Talk to the liability insurance professionals at Carbon Group to find out more about your cyber insurance options.