What is Cyber Liability Insurance?
Cyber Liability Insurance covers risks that are not covered by a traditional insurance policy. Examples include: Data Breaches, Business / Network Interruption, Data Encryption, Intellectual Property, Cyber Extortion, Distributed denial of service (DDoS), Malware Attack, Ransomware, and Malicious Employee Action.
As reliance on technology continues to increase, new exposures continue to emerge. As your business grows, you need to make sure your cyber liability insurance covers the areas of vulnerability you want to protect. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.
Regulations such as the Data Protection Act and, more recently, GDPR must also be considered, because a loss of sensitive personal information may subject you and your business to fines and sanctions.
In an age where a stolen laptop or hacked account can instantly compromise the personal data of tens of thousands of customers or an ill-advised post on a social media site can be read by thousands in a matter of minutes, protecting yourself from cyber liabilities is just as important as some of the more traditional exposures businesses account for in their general commercial liability policies.
Why Cyber Liability Insurance?
A traditional commercial insurance policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur.
Exposures are vast, ranging from the content you put on your website to stored customer data. Awareness of the potential cyber exposures your company faces is essential to managing risk through proper cover.
Possible exposures covered by a typical cyber policy may include:
Data breaches – Increased online consumer spending has placed more responsibility on companies to protect clients’ personal information.
Business/Network Interruption – If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services, to lose potential revenue.
From a server failure to a data breach, such an incident can affect your day-to-day operations. Time and resources that would normally have gone elsewhere will need to be directed towards the problem, which could result in further losses. This is especially important as denial of service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organisation's server.
Intellectual property rights – Your company’s online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.
Damages to a third-party system – If an email sent from your server has a virus that crashes the system of a customer or the software your company distributes fails, resulting in a loss for a third party, you could be held liable for the damages.
System Failure – A natural disaster, malicious activity or fire could all cause physical damages that could result in data or code loss.
Cyber Extortion – Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.
Don’t Think It Could Happen To You?
For many business owners, it is a case of shutting the door long after the horse has bolted. In other words, they took the risk and paid the price. If you don’t think it could happen to you, just look at these examples:
Ransomware attack - An online embroidery company in the UK suffered a ransomware attack. The attacker created two user accounts and attempted to encrypt and remove customer details and information regarding orders, stock and accounts. The attacker also left a ransom note instructing the company to contact a specified email address.
Encryption of files - An insurance intermediary’s computers were infected with CryptoWall malware that had encrypted certain files stored on the computer and the company’s internal network drive. The names of the files had been altered to “help_your_files.png” and a ransom was demanded to regain access to the files.
Unhappy Employee - A recruitment company was faced with a data leak when a disgruntled employee did not have access rights removed during the leaving process. They were able to access sensitive personal information, which was then posted on a social media site.
Business interruption - A hotel chain that allows customers to book online suffered an operational error when a data centre switchover did not complete fully. Their online booking system was down for over 8 hours resulting in immediate lost revenue.
Distributed denial of service (DDoS) - An online retailer’s website was the subject of a DDoS attack, which resulted in their website being inaccessible or experiencing reduced performance. Prior to the attack, the company received an online message claiming that their website protection was extremely low and would be taken offline unless a payment of £3,000 was made. Further ransom demands of £500 were made during the attack.
Embedded virus - A very small independent drinks seller/bottler found a virus in one of their systems involved in the bottling process, which meant not enough bottle lids were produced for the batch of bottles. This resulted in waste and consequently, the Insured suffered a Loss of Revenue through lost sales.
Fortunately for the companies involved, all had been prudent and had taken out Cyber Liability Insurance, so their losses were covered, allowing business to continue as normal.
The WannaCry Cyberattack
This global attack crippled the NHS, hit international shipping company Federal Express and infected more than 300,000 computers in 150 different countries. It was the biggest ransomware attack in history so far… One thing is certain, it will not be the last.
Prevention is Better than Cure
Clearly, prevention is better than cure. For most of us in the business world, IT is a headache that we don’t really understand, and we simply don’t know if our IT systems, technology, processes and procedures are up to the job.
If you want to know how to make your IT infrastructure safer, consult a reputable IT provider with the depth and breadth of experience and expertise to advise on your circumstances. But remember, even the best system is always vulnerable to attack, most frequently because of human error.
People are your Greatest Risk
Even with the best technology on your side, correctly configured, your people are unfortunately your greatest risk. You need to educate them properly and ensure your contracts and staff handbooks are up to date, so everyone knows what they need to do to minimise the chance of human error leaving the door open to a cyberattack.
Despite all your best efforts to secure your business and remove all vulnerabilities, it is only a matter of time before you suffer an attack, which is why it is important to mitigate the risk and take out suitable insurance cover.
Cyber Liability Insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability cover simply won’t. The level of cover your business needs is based on your individual operations and can vary depending on your range of exposure. It is extremely important to work with a broker that can identify your areas of risk so a policy can be tailored to fit your unique situation.