Insurance Guide eBook Cover
GET SAVVY WITH YOUR INSURANCE NEEDS... DOWNLOAD YOUR FREE GUIDE NOW!
  Privacy Statement.
 

Cyber Risk Insurance

Cyber Risk Insurance is something that both big and small companies must consider. It’s designed to protect first party and third party cyber exposures that arise when a company’s data and/or customer information is breached or stolen.

The success of most companies these days is underpinned by data and technology. Most companies store personal data and financial information of customers and many use a website to sell to, service, or transact with them. They will also run a network to manage crucial day-to-day operations. If either of these technologies are compromised, a business could face major interruption, financial loss, and even collapse.

Companies with access to private, confidential information about their customers and suppliers have a responsibility to keep it secure. Equally, companies who have a web presence or a dependency on technology have emerging content and transactional exposures that can leave them open to cyber risk.

Insurance companies have dedicated data breach response teams to handle and mitigate cyber breaches.

In today’s online world, Cyber Risk Insurance is becoming increasingly vital.

First Party Cyber Risks

A company faces a number of first party cyber risks. These include:

  • Loss or damage to digital assets, which are data and software.
  • Non-physical business interruption and extra expense such as service interruption or network failure.
  • Cyber extortion arising from threats to business data or customer data and relationships.
  • Reputational harm that comes from a data protection breach.

 

Third Party Cyber Risks

Examples of the cyber risks that can affect the third parties of a company are:

  • Security or privacy breach that impacts any third party/employee confidentiality rights.
  • Privacy regulation defence fees and fines as a result of the above.
  • Customer care and reputational expenses incurred if individuals need to be notified of a security breach.
  • Multi-media liability if a company commits negligence in the publication of content in electronic or print media format.

 

General insurance policies won’t provide cover

Many companies believe that their existing insurance policy/policies (such as those listed below) will cover them for loss of data. However, this is usually not the case.

  • Professional Indemnity Insurance – loss of data is only covered if it arises in the ordinary course of a company’s professional services. Losses incurred because of the Internet are usually excluded. It also does not cover business income losses, damage to digital assets, cyber extortion or reputational damage.
  • General Liability Insurance – only covers bodily injury and property damage losses and, as data is deemed to be an intangible form of property, no coverage would usually be provided for breaches of privacy.
  • Property Insurance – typically only covers damage to tangible property, so data would not be covered. Whilst business interruption may be covered, it will not be covered when it has arisen out of non-material damage to a network.
  • Computer All Risks Insurance – covers costs involved in repairing damaged hardware (tangible property) and would not respond to claims for lost data.

 

Types of Covers available for First Party Exposures vs Third Party Exposures

 

First Party Exposures Third Party Exposures
  • Loss or damage to digital assets – damage to a company’s data or software programs.
  • Non-physical business interruption and extra expense – income lost and interruption expense due to network interruption/ failure or degradation in service.
  • Cyber extortion – when someone tries to extort money from a company by threatening to damage/restrict its network or data, or to communicate with a company’s customers under false pretences to gain personal information.
  • Reputational harm – loss of income and PR expenses when damage to a company’s reputation results from a data protection breach.
  • Security and privacy liability – investigation and defence costs paid if there is a security breach on a company’s network, if the company transmits malicious code, or if the company breaches third party or employee privacy rights.
  • Privacy regulation defence – investigation costs, fines and defence costs paid when a company is investigated by any regulator.
  • Customer care and reputational expenses – notification expenses, privacy assistance expenses and crisis management expenses incurred when customers and a company’s reputation have been affected.
  • Multi-media liability – investigation and defence costs incurred if you infringe a third party’s intellectual property rights.