CFC have recently released their first ever cyber guide, explaining how cyber risk and insurance has evolved and how a good cyber policy addresses modern exposures. Below we have briefly summarised the key points of the guide, however the full cyber guide can be found via CFC’s website.
What Does Cyber Mean?
“Cyber” is on of the most talked about topics in business, insurance and media but also seems to be one of the most misunderstood. The development of cyber insurance has historically focused primarily on third party privacy exposures. At the same time, traditional insurance policies have tried, but rarely succeeded, at addressing cyber risks; this has left clients believing many exposures are covered when they actually aren’t.
Whilst the technology revolution has brought with it unparalleled levels of convenience and choice to millions of people across the globe, it has done the same for the criminal underworld. It is now far easier and far more lucrative for criminals to operate digitally rather than physically. Cyber attacks are the modern crime and cyber insurance is the way to protect against them.
The Need For A New Type Of Insurance Policy
Cyber insurance is necessary because traditional insurance policies were not designed to handle 21st century threats. Many standard first party insurance policies (ie those that protect your own assets/losses) such as property and traditional crime were designed to deal with threats to a company’s physical assets – their buildings, machinery, office equipment and tangible money only.
There has historically been little to no protection offered under these policies for loss of, theft of or damage to data, systems and electronic funds. However, most businesses these days now have a much greater reliance on their digital assets than they do on their physical ones, which makes a new kind of policy essential.
Types of Cyber Claims
Theft of Funds
This is straight forward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Instead of stealing physical funds, criminals are increasingly stealing electronic funds through social engineering scams. And if a business has somehow been negligent in allowing this to happen, the bank will not reimburse them.
Theft Of Data
Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly information such as names and addresses stored on a computer network can be worth more money than you think.
Damage To Digital Assets
In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a firm’s digital assets, attackers know that they can extort money from their victims who might prefer to pay ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix.
What Does A Cyber Policy Cover?
Broadly speaking, most cyber policies can be divided into two areas; first party covers, and third party covers.
The first party sections cover your own financial loss arising from a cyber event, which for CFC is defined as any actual or suspected unauthorised system access electronic attack or privacy breach. The third-party sections cover you for liability actions made against you arising out of a cyber event.
First Party Cyber Policy Cover
Incident Response
This section of cover will generally pick up all of the costs involved in responding to a cyber incident in real time, including IT security and forensic specialist support, gaining legal advice in relation to breaches of data security, and the cost associated with having to notify any individuals that have had their data stolen. One of the most important aspects of a cyber policy is that it provides access to the right specialists as well as paying their services.
Cyber Extortion
This covers costs incurred in responding to fraudsters attempting to extort money from you by either threatening to carry out a cyber attack or by threatening to expose or destroy data after having already compromised the victims network. Ransomware, where the victim’s data is encrypted (converted into an unreadable format) and only made accessible again by the payment of a ransom demand to the attacker, is one of the fastest growing forms of cybercrime.
System Damage
This covers the costs for your data and applications to be repaired and restored in the event that your computer systems are damaged as a result of a cyber event. This is often critical in getting a company back up and running.
Business Interruption
This aims to reimburse loss of profits and increased costs of working as a result of interruption to a business’ operations caused by a cyber event. It works in a very similar way to traditional business interruption insurance except the trigger is a non-physical peril as opposed to a physical one.
Third Party Cyber Policy Cover
Network Security and Privacy Liability
This covers third party claims arising out of a cyber event, be it a transmission of harmful malware to a third party’s systems or failing to prevent an individual’s data from being breached.
Regulatory Fines
This will cover the cost of certain fines and penalties that a regulatory body might enforce on an organisation as a result of them having suffered a data breach.
Media Liability
This covers any third-party claims arising out of defamation or infringement of intellectual property rights. Media cover started out in cyber policies to offer protection in respect of online content online, but as policies have broadened over the years, its not uncommon for full media cover to be provided.
For further information please contact CFC or reference the full cyber guide.