Whilst Cyber Insurance may be viewed as a somewhat new, unconventional cover- there is little doubt of its increasing importance in all forms of business. Perhaps a recent article on ComputerWeekly.com put it best: in life, there are now three certainties; death, taxes and data breaches.
The computer age has seen a cacophony of changes. Information that would once only fit into a system the size of a double decker bus is now wearable on our wrist. When companies carry sensitive data, they carry huge responsibility. In 2013, the average cost of a data breach to an Australian company was a staggering $4.1 million.
These breaches may arise from instances such as identity theft from stolen sensitive personal records stored on companies computers, e-business interruptions resulting from a virus, litigation as a result of a security failure that sees a clients sensitive information stolen and even cyber extortion threats. These are but to name a few instances.
At first glace, it would be easy to dismiss this as problem that only effects large scale organizations, and whilst this is so (take the recent Sony attack for example) smaller businesses are far from immune. Over half of all companies that suffer data breaches employ less than 1000 staff.
Cyber criminals will often see smaller organizations, with less security capacity as an easier target than well resourced larger companies. In a 2012 government survey, over one fifth of respondents admitted to having some sort of targeted attack. This number is certain to rise.
Are you covered?
If your organization carries a traditional Liability or Industrial Special Risks policy, chances are there will be little to no cover in relation to a cyber breach. These traditional policies will respond to bodily injury as well as property damage. Ultimately, a cyber attack will not cause either of these, and yet, can still cripple a business with similar ferocity.
A cyber policy is worded to fill the gaps that traditional policies do not protect. In particular, the policy seeks to cover direct loss, consequential loss and legal liability caused by cyber security breaches. The below examples highlight the necessity of having a cyber policy in place.
Bare in mind whilst reading the below examples just how devastating the consequences would have been had the companies not had the cover in place.
The following claims were all covered under various Cyber policies- how would your business react if such an event occurred?
Example 1.A business emailed, as part of their marketing strategy, promotional documents to their existing clients. However, in error, the company accidentally attached a document that contained personal client data, including credit card numbers.
Example 2.An organisation’s database was hacked, and was subsequently encrypted by a disillusioned ex-employee. The entire database was held at ransom for $1 million.
The Cyber policy reacted and paid the ransom fee.
An employee of a financial institution accidentally left his laptop in a public place. It contained highly sensitive data, which was subsequently compromised. Total defense costs totaled almost $1 million.
The cyber policy covered this breach.
Upon legal advice, it was recommended that all clients be notified of the breach, and should also be offered credit card monitoring services. Furthermore, several parties commenced legal action against the company in question.
All costs incurred were covered under the policy.