Why do I need Cyber Liability Insurance?
Cyber Liability Insurance and Cyber Liability risks are vital for businesses that hold any form of data on individuals. In the modern world, technology has become a vital tool in every aspect of business and this now extends further than email and internet usage. For example, businesses are reliant upon systems for production, and people are reliant on smart devices to control various aspects of their lives both work and personal. Such a heavy reliance also increases the exposure to threats to technology and business, these threats being viruses, hackers and misuse of software and hardware. With an ever-increasing need for fast information, high-speed E-mail and complex computer networks.It is vital that you protect your business from a cyber attack and more importantly have the necessary Cyber Liability Insurance. Learn more about the benefits of cyber insurance.
What is Cyber Liability Insurance?
Cyber Liability Insurance is growing more important on a daily basis due to the rise of cyber attacks. These attacks are not targeted purely at large businesses such as banks but we are seeing a dramatic increase in smaller businesses being affected by cyber attacks. In some cases, these businesses are having to close the business for a number of days and some weeks until they are able to re-open. A Cyber Liability Insurance policy covers the losses relating to damage to, or loss of information from, IT systems and networks.
As a business of any size, it is likely you will rely on information technology (IT) infrastructure to some degree. If so, you will be exposed to the risks of business interruption, income loss, damage management and repair, and possibly reputational damage if IT equipment or systems fail or are interrupted.
While existing insurance policies such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if they:
- hold sensitive customer details such as names, addresses or banking information;
- rely heavily on IT systems and websites to conduct their business;
- process payment card information as a matter of course.
Policies generally include significant assistance and management of the incident itself, which can be essential when faced with reputational
damage or regulatory enforcement. The Information Commissioner’s Office (ICO) should you have a breach where personal data has gone missing, will ask what countermeasures and internal processes had been put in place to protect your customers. If you have no evidence that you had taken advice on the best ways to protect your customers’ data then they will not look kindly upon this and in most cases, this will result in a fine.
Generally, cyber risks fall into the first party and third party risks. Insurance products exist to cover either or both of these types of risks.
First-party insurance covers your business’s own assets. This may include:
- Loss or damage to digital assets such as data or software programmes
- Business interruption from network downtime
- Cyber exhortation where third parties threaten to damage or release data if money is not paid to them
- Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
- Reputational damage arising from a breach of data that results in loss of intellectual property or customers
- Theft of money or digital assets through theft of equipment or electronic theft
Third-party insurance covers the assets of others, typically your customers. This may include:
- Security and privacy breaches, the investigation, defence costs and civil damages associated with them
- Multimedia liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
- Loss of third-party data, including payment of compensation to customers for denial of access, and failure of software or systems
How do I manage my Cyber Risks?
As well as putting adequate insurance in place, it is important for you to manage your own cyber risks as a business. This is also mentioned above with regards to regulatory bodies. This includes:
- Evaluating first and third-party risks associated with the IT systems and networks in your business
- Assessing the potential events that could cause first or third party risks to materialise
- Analysing the controls that are currently in place and whether they need further improvement.
In 2014 the Government launched Cyber Essentials – a basic cybersecurity hygiene standard to help organisations protect themselves against common cyber attacks. Considering Cyber Essentials accreditation is a good first step in becoming cyber-resilient.
Todd and Cue have also partnered with Wiggle Security; a cyber security firm in Newcastle who take away the hassle regarding cybersecurity and they are able to carry out web audits to ensure you have a put enough cyber countermeasures in place to satisfy both your insurers and any governing body such as the (ICO), but more importantly to deter a cyber attack.
If you suffer a cyber breach, having cyber insurance can make the recovery process as straightforward and rapid as possible (however it is still likely to take a number of days or weeks depending on the severity of the incident). Many insurers include technical assistance with managing a breach as part of the insurance policy – if so, get in touch with them as soon as possible after the breach is discovered.