The cost of cyber security breach could costs hundreds of thousands of pounds. If you don’t think your business could cope with a significant cost associated to a cyber threat, then Cyber Liability cover may be worth considering. Currently, less than a third of small businesses have this cover, but nearly 75% of small businesses have been subject to a breach.
So what cover can you obtain?
There are two main options to this type of cover – Third Party Risks Only or Third Party Risks AND your own losses. Obviously the latter will be more expensive.
Third Party Risks means any compensation or other amounts you may have to pay to your customers and/or other people affected by the breach. The cover for Third Party Risks can provide for costs arising from:
- Investigation, defence costs and civil damages following a breach;
- Investigation, defence costs and civil damages relating to defamation (libel/slander), breach of privacy or negligence in publication;
- Loss of Data including payment of compensation for denial of access and failure of software and/or systems;
- The content of electronic media including changes/additions made by a malicious third party (hacker);
- Negligent transmission of a computer virus (or similar malicious programme) to any customer or visitor to your website;
- Unauthorised collection and/or misuse of data.
A lot of this cover relates to what a hacker could potentially do with the information once they have taken it, e.g. they could defame your customers, publish the information (which happened with the Ashley Madison hack in 2015) and the consequences of this (at least the financial ones), although some of it relates to how a hacker might get the information – through a virus or spyware which they could infect your system with.
The cover for your own losses can provide for:
- Damage to ‘digital assets’ e.g. data or software;
- Business interruption from network downtime;
- Cyber Extortion (Hackers threatening to release data etc.);
- Customer notification expenses;
- Damage to the company’s reputation;
- Theft of money and digital assets through theft of equipment or electronic theft;
- Repair/replacement of any equipment or to a website/software following an attack.
OK, so does it cover me for everything? Not everything. As with all insurance policies, there are exclusions and conditions. The most common ones are:
- Any intentional act (including transmission of a virus or other malicious programme created by you);
- Failure of your Internet Service Provider;
- Matters specifically insured elsewhere;
- Data recognition;
- Pre-existing problems;
- Fines, contractual penalties or punitive damages;
- Trading loss resulting from loss of a customer.
Policies will also usually contain requirements for you to ensure all security is maintained and fully updated at all times, problems are addressed promptly, back-ups are taken regularly and kept offsite and any defunct accounts or ones that are known to be compromised are deleted or de-activated.
This is just a summary of cyber insurance. If you feel your business is at risk, then talk to your insurance broker about how they can help. It may be increased system security will be sufficient, or perhaps a combination of increased security and insurance.
The exact cover and conditions differ depending on the insurer. Some will only offer the basics, whereas some will have a few bells and whistles that could come in handy. ALWAYS check with your broker about what cover they are offering you, and ask them if the policy specifically covers the areas that concern you.