Cyber insurance first emerged in the late 1990s as a response to Y2K concerns. Since then, there has been an escalation in the reliance on technology, and the cyber risks of doing business have exponentially increased. It is still an emerging area of risk and insurance, and not all policies are created equally. There is also a lack of understanding of some businesses regarding what is covered by cyber insurance.
What Cyber Insurance Covers
There are four main types of cover and while there are additional types of cover available that may respond to your businesses’ unique needs. You should discuss your businesses’ requirements with your broker to ensure that your cyber insurance policy is tailored to you.
1. Cyber Security
This aspect of cover responds in the event of a network security failure or breach and covers your business costs incurred as a result of a breach including legal expenses, IT forensics, negotiation and payment of ransomware demands, breach notification to consumers, public relations, credit monitoring and identity restoration.
2. Cyber/Privacy Liability
Businesses that store sensitive information belonging to others (suppliers, customers, and even employees) may face liability and/or regulatory exposure in the event of a cyber or privacy breach.
Cyber/Privacy Liability cover extends to insure any damages, fines and penalties, legal expenses or other costs of defending your business against damages claims or regulatory investigation or enforcement.
3. Business Interruption/Operational Cyber Risk
This coverage extends to loss of profits, fixed expenses and extra costs incurred when your businesses’ network is down following a cyber security breach or system failure.
4. Errors and Omissions
Errors and Omissions cover extends to claims arising from your businesses’ errors in, or omissions to, provide services due to a cyber event. It may cover everything from liability arising from your breach of contract, to negligence in the event a cyber event results in failures in your services.
Why Insure for Cyber Risk?
Most businesses rely heavily on technology and connectivity as part of their daily operations. Although IT experts are aware of the nature and extent of the risk of cyber events, the manner of response and costs of dealing with these events is often an unknown until one occurs.
Cyber insurance policies are designed to provide pre and post incident support to businesses against the growing threat of cyber events and ensure operational continuity throughout any cyber event.
The 5 biggest cyber breaches of all time are illustrative of the risks facing businesses:
1. Yahoo 2013-2014
All 3 billion users accounts were compromised (names, dates of birth, email addresses and passwords, security questions and answers) and knocked an estimated $350m off Yahoo’s sale price.
2. Marriott International from 2014-2018
500 million customers’ data was stolen (some combination of contact information, passport numbers, travel information, and other personal information) Marriott believes that credit card numbers and expiration dates of more than 100 million customers were stolen.
3. Adult Friend Finder October 2016
20 years of data was collected from six databases that included names, email addresses and passwords. The passwords were largely weak and therefore 99% were hacked.
4. eBay May 2014
145 million users compromised – this hack exposed names, addresses, dates of birth and encrypted passwords. The company said hackers got into the company network using the credentials of three corporate employees, and had complete inside access for 229 days. Thankfully, credit card details were stored elsewhere and were not compromised.
5. Equifax July 2017
Equifax (a large credit bureau in the U.S.) had hackers access 147.9 million consumers’ personal information. including 209,000 who had their credit card data exposed.
According to Ponemon 2018 Cost of a Data Breach Study: Global Findings, in 2018 alone, 2.8 billion consumer data records were exposed at an estimated cost of more than US$654billion. Of that 97% was personally identifiable information. This was in spite of $114B investment in information security products and services.
What should you do
The best cyber policy for your business should be one customised to your unique business needs. If you are concerned about cyber exposure, do not delay in speaking to us.