Every organisation with a network, an online presence and holding or accessing confidential data is at risk of cyber-breach or attack. The very nature of the internet means that cyber criminals from anywhere in the world can hit any specific target.
Few industries are immune. The increasing digital interconnectivity of business operations, suppliers and customers means that any organisation is vulnerable to potentially catastrophic electronic data theft or sabotage. This inter-dependence between organisations, together with the rise of cloud computing, social media, corporate ‘bring your own device’ policies, big data and state espionage, has made cyber risk a top concern of business leaders today.
In an increasingly punitive legal and regulatory environment, and in the face of more insurance contracts specifying cyber liability, forward-thinking companies are taking proactive steps to explore and transfer their cyber risk.
Organisations should be concerned about cyber risk if they:
- Collect, store or distribute private information.
- Depend on electronic processes or computer networks.
- Engage vendors, independent contractors or additional service providers.
- Are subject to regulatory statutes.
- Must comply with Payment Card Industry (PCI) Security Standards/Plastic Card Security statutes.
- Are concerned about contingent physical injury and property damage that may result from cyber incidents.
- Rely on or operate critical infrastructure.
- Are concerned about intentional acts by employees.
- Are a public company subject to ePrivacy Directive Notification Requirements.
Cyber insurance has been around for more than a decade. Market research firm Progressive Markets projects the global cyber insurance market to top $29 billion by 2025, while PwC estimates it will reach $7.5 billion as soon as 2020. Cyber insurance can’t protect you from cyber-crime, but it can keep you and your business financially stable should a significant security event occur.
Cyber risk demands specialist insurance cover
Cyber Liability Insurance is one of the most confusing coverages in the market. Not only are there a significant number of carriers offering stand-alone policies but an equal number providing endorsements to other policies. They fall under the general term ‘cyber’, but the scope of coverage and service can be as different as night and day.
Any business considering purchasing cyber liability should take time to understand the extent of the coverage proposed. An experienced insurance professional will be able to assess your risks, understand what risks are insured, what your responsibilities are in the event of a loss and what risk-management services are available.
While existing insurance sometimes carries a level of coverage, it was not created to cover the risks of our increasingly digital world. Standard policies are often inadequate to cover the cost of even a ‘standard’ security breach, let alone cyber-attack or ‘hacktivism’. Only specialist cyber-insurance policies provide extensive cover.
More than a million organisations and individuals fall prey to cyber-attacks every day. As cyber risk advances, and the regulatory landscape adjusts, businesses need to ensure they are not vulnerable.
No business is safe from hackers, unless it makes security its ultimate priority. There is no one-size-fits-all approach to cyber risk insurance. It all depends on the size of the company, nature of its business and its levels of exposure. In this regard, consulting with a professional risk advisor is invaluable in protecting your reputation, data, clients and bottom line.
There are generally two levels of cyber insurance coverage. First-party coverage encompasses direct losses to an organisation or individual; third-party coverage extends to claims and legal action taken by customers or partners.
Coverage differs by provider, but common coverage areas include data breaches, identity theft and personal data theft. This coverage has expanded more recently to scenarios like data damage, network failure leading to business interruption, cyber extortion, the failure of outsourced cloud service providers and forensic investigation costs.
There are also substantial legal fees, fines and costs associated with recovering compromised data, repairing systems, restoring the personal identities of affected customers, and notifying customers of breaches. Cyber insurance can help you recover from a data breach or cyber-attack by mitigating the costs that crop up in the aftermath.
Cyber insurance is not a replacement for cyber security. It’s not a tech solution. Cyber insurance coverage is your personal or professional fail-safe if and when a breach or cyber-attack occurs, and you’re left with a mountain of costs to restore your business, deal with customer lawsuits, or reclaim your digital and financial identity. You should still have a comprehensive suite of security tools in place, including anti-virus and ransomware protection, as well as encryption software, not forgetting password managers and two-factor authentication (2FA) to protect against identity theft.
Cyber insurance is about peace of mind. Despite potentially high premiums, if you choose a policy that protects exactly the coverage areas and attack vectors you need, it will be worth the money.
The unique nature of cyber risks makes them hard for the insurance industry to manage. In reality, policies tend to be somewhat vague and they vary widely regarding which risks are covered, making businesses skittish. As the industry matures, it is likely that policies will become more specific and much more expensive – particularly as insurance companies realise that the risks posed by cyber-attacks are not independent of each other.
These are the major elements that should be included in a cyber-liability policy:
- Forensic Expenses
Data has been compromised and you need to investigate what happened, how it happened, and what information was accessed. The expenses to hire an outside forensic team are covered.
You will need legal representation to…
Read the full article by Graham Croock, Head of Cybersecurity and Integrated Technology Audit, BDO South Africa, as well as a host of other topical management articles written by professionals, consultants and academics in the June/July 2019 edition of BusinessBrief.