Cyber-attacks against businesses large or small are a regular occurrence, with the media reporting regularly on data breaches, payment fraud and social engineering. Cyber criminals are based all over the world, and are becoming more sophisticated all the time, leaving no company or individual immune to their practises. A malware attack could happen to anyone, phishing scams are deployed on a large scale on the assumption that a few people will slip up, and ransomware is an increasingly popular trend in the world of cyber criminals. Denial of service attacks are another huge issue, and have brought companies, big and small, to their knees. Although new security measures are being invented daily to keep up with cyber-criminals, their technology is evolving almost as fast.
Even if you’re not quite sure what terms like “malware”, “trojan horse” or “phishing” mean, you have probably heard of email accounts being hacked, people falling victim to online scammers and computer viruses that wreak havoc on computer systems. Customer data and system passwords have been stolen from companies as big as Facebook, Whatsapp and Carphone Warehouse over the last few years.
Cyber Insurance protects businesses against the potential fallout from attacks like these. This includes not just the disruptive, potentially traumatic event but also the aftermath. This can include further costs, revenue loss, legal fees, reputational damage, loss of staff and more. Here’s what you can expect when you take out cover.
A brief summary of Cyber Insurance
As there are many kinds of potential cyber attack (and more are being invented), it stands to reason that Cyber Insurance has to cover a broad range of eventualities. Unfortunately, Cyber Insurance won’t prevent an attack, however, and it is extremely important for you to ensure that your digital security measures are up to date to prevent them from occurring yourself when at all possible. If you have insurance, then being prepared will also strengthen your claim and your knowledge of what happened and why if an attack does occur.
Cyber Insurance helps you deal with the consequences after a data breach or cyber-attack. As you might expect, the cover you choose depends entirely on the size of your business and, of course, your level of vulnerability or the likelihood of attack. This is another reason you should have an eye on cyber security (that is, having both protections in place and a plan of action if an attack should occur); solid security may help you to find the best possible cyber insurance deal. To be able to know which cyber insurance is best for you, it is best to get your cyber insurance quote.
Different types of coverage and different policies also come with various exclusions and excesses, as with any other insurance policy. These fail safes are needed to protect both the insurance provider and the policyholder.
First Party Cover in a Cyber Insurance policy
First Party Cyber insurance covers you against the immediate effects of a cyber-attack. This type of cover is your frontline damage control policy that will help your company recover from:
Phishing: Anyone who uses an online email provider like Gmail or Yahoo Mail has probably heard the term “Phishing” before. But not everyone is completely aware of what it means. Phishing is the term applied to various nefarious methods through which criminals extract sensitive information from their victims, most commonly, passwords, credit card or banking information and crucial identity information.
One of the most recent cases saw global law firm DLA Piper hit by phishers who convinced clients of the firm that they represented the organisation. This happened despite training for staff, and warnings about what constitutes suspicious communication to clients. Victims were convinced by the scammers to pay funds over to fraudulent accounts. The Solicitors Regulation Authority got involved in this case, talking to all parties. Still, money was lost by several individuals and this had to be reimbursed. The involvement of a regulatory body, and swift action by the firm, hopefully helped to control the situation and maintain public trust in the firm. Without contingency plans and cyber insurance, this would not have happened.
Ransomware: Ransomware is one of the most common and most frightening cyber-crime methods used today. And what it is, is basically in its name. It can happen in a couple of ways. Hackers will gain access to a company network and then lock users out until they are paid a ransom; or they will threaten to make any sensitive information on the company network public – at a potentially devastating cost to the company in question.
One of the most publicised occurrences was in 2017, when several massive corporate companies were attacked by “Notpetya” ransomware from Russia, which was aimed at extorting exorbitant amounts of Bitcoin from its global victims.
Email fraud: This is a similar instance to phishing in many ways, but slightly more advanced. In this case, fraudsters will intercept a company’s email server and send emails, either internally or externally to extort information or funds. From the victim. For example, a fraudster posing as a senior staff member would potentially send an email to someone more junior demanding that funds are released into a fraudulent account.
First Party Cyber Insurance will cover you against loss or damage to data, for example,
If your database is wiped and you lose all your customer information, any costs associated with recovering or rebuilding should be covered.
Loss of income is also covered for business down time – provided the loss is caused as a direct result of cyber-attack. First Party cover will also help with notification or communication costs incurred by a cyber-attack.
Third-Party Cover in a Cyber Insurance policy
Third-Party cover looks a bit more esoteric on the surface. But it can be equally as important as first party. This type of cover protects your company against the indirect consequences of a cyber-attack, like public relations management; for example, if customer information is compromised or if any loss occurs on the part of the customer as a result of your business being attacked, Third Party cover will assist with the necessary relationship management measures.
If a customer takes legal action because their information was compromised, Third Party insurance will also cover your legal costs and will provide cover against regulatory violations (within certain parameters).
What Cyber Insurance Won’t Cover
Every policy has its limits, and while insurance can cover you for some of the consequences of cyber-attack, no policy can possibly cover them all. Most Cyber Insurance policies won’t cover the loss of intellectual property as a result of cyber-attack, as the consequences of this are much harder to measure and pinpoint than other losses.
Short or long-term brand damage can also not be helped by Cyber Insurance, even after Third Party cover has mitigated where it can. There’s never any assurance that the brand’s reputation will recover after the fact.
It’s also always important to remember that your claim will not be paid out if the security measures you had in place were not sufficient, or if it is not clear that you did not take preventative measures. If negligence on your part is involved in any way, you won’t be covered.
Your antivirus software is a key component in protecting your company against attack. The right antivirus programme will pick up a cyber threat before it even gets to you. Make sure you do some research online before signing up for an antivirus programme. Here’s some recommended reading:
Where Do You Begin?
Cyber Insurance is still relatively new to the market. And a surprisingly low number of SMEs have signed up for it. There is no doubt that this is changing rapidly, as SMEs begin to realise that Cyber Insurance saves businesses from closing their doors. The fact that the Cyber Insurance economy is still emerging can make it hard to find a company that offers competitive rates and the service you need.
Visit here for more information Business Insurance for Manufacturing
How to build your Cyber Insurance policy requirements?
Whether you run a law firm, a PR firm, a boutique or a tech start up, likelihood is you have information cyber criminals want. Sensitive client information is always at risk, and should be protected both online and off. This even includes things as simple as names and addresses.
You should make sure all email and web servers are secure, and that plans are in place should an attack occur. All staff should be trained regularly in staying safe, and all vendors should be vetted. Finally, cyber insurance is your last line of defence, and could save your business if something does happen.
According to CPO magazine, half of all cyber attacks are targeted at small businesses. The assumption is that cyber security won’t be as tough as with larger competitors. Of course, that tends to be true. More money can buy more robust security.
In 2019, retail was the second most targeted industry by cyber criminals. Healthcare was number one, with finance and insurance and PR at four and five. Whatever you do, your business could be a target.
It makes a huge amount of sense not only to purchase a well-researched cyber insurance package and check in regularly on your changing needs, but also to sure up your security in any way you can.