Why cyber and data insurance is becoming essential

How I yearn for the good old days of insurance broking. Risk management meant fire and intruder alarms and good locks. Then it moved on to business continuity plans and strong Health & Safety systems. But now, if you use computers, and few do not, the risks faced have grown and the answers aren’t that simple. But, as always, risk management and insurance solutions have emerged.

The desire of hackers to get hold of information has been covered frequently in articles that emphasise the Data Protection exposures you could face if your customer information is accessed. The impact can be huge, including investigation costs to establish the scale of the breach as well as fines and damages. Customer data is like gold dust to hackers. Sony suffered a £113m loss when hackers got hold of the personal information of 77 million users, but sometimes the smaller targets are easier, the perception being that security is not as great. Sony can survive such a hit; smaller businesses may not be as resilient.

Those simply seeking to cause disruption are just as dangerous. There are scary statistics everywhere, but one that caught my eye was that a PC somewhere in the world is infected by a malicious virus every 4.5 seconds¹. Then think about the risk that a business faces if it transmits the virus to a third party, such as a key customer, resulting in a potential claim for damages. A simple email can be devastating. With the rise of social media, more and more business computers are exposed to content from a wide array of sites, not just from staff using them during work hours but because of marketing through such sites. The risk of customers or third parties taking offence at content posted has grown exponentially.

Gone are the days when IT was simply something that helped progress; it is now something upon which we depend. Standard business interruption insurance policies don’t cover such events, and yet for most, the suspension or infection of an IT system could incur financial losses far greater than a physical burglary or fire.

So, in summary, there are considerable exposures in terms of:

  • Loss of income and high remedial action costs
  • Claims from third parties whose systems you inadvertently infect
  • Crime, financial and data theft
  • Fines and penalties for data protection breaches
  • Loss of reputation and customers

And yet most businesses will still spend more time and money focussing on fire insurance, ignoring cyber risks. A position that needs to change.

The insurance market has responded, and in recent years new policies have arisen covering not only first party costs, such as repairing your own systems and the financial loss incurred, but also third party costs, such as virus transmission and disparagement from an article posted online, intentionally or by hackers. Extensions for crisis containment and cyber extortion costs have been added to offer wider support.

A few suggestions

  • Do not assume that simple security will suffice
  • Review your IT contracts. Do not rely on being able to hold your IT provider responsible
  • Cover the simple bases, such as strong rules on password protection, extending to mobile data devices, including phones
  • Regularly review and update software, firewalls and antivirus programs
  • Maintain and regularly check a robust back up of ALL the data held in your system, including mobile devices
  • Educate staff on the risks and the need to be aware of malicious e-mail attachments
  • Have a clear and robust company policy on internet use
  • Revisit the decision not to consider Cyber Liability insurance as essential business protection