What is Cyber Insurance?
Cyber insurance is a policy that covers the emerging cyber risks many businesses face. The policy will essentially respond in two scenarios:
1. Third Party Liability (i.e. your liability to a third party)
- You commit a Media Wrongful Act (i.e. libel, slander, copyright infringement, plagiarism, piracy, etc.).
- Loss, theft or failure to reasonably protect personal data or confidential business information you hold of your clients.
- Fines & Penalties imposed upon you for breaching privacy legislation and failing to secure client data.
- Damage to a third-party system caused by a virus you inadvertently send.
2. First Party Costs (i.e. costs you incur for responding to a cyber event)
- Privacy Notification Costs (costs incurred in notifying your clients of a breach pursuant to legislation).
- Crisis Management Costs (costs incurred in engaging a consultant to determine the existence, cause and scope of a breach).
- Cyber Extortion (when your system is held ransom by hackers).
- Business Interruption (loss of profit and operational expenses in the event of a cyber event causing a disruption to your business).
- Data Recovery (costs incurred in repairing your system and data in the event of a hack).
- Social Engineering and Financial Fraud (including transfer of money or securities to an account outside of your control pursuant to instructions made by a person purporting to be an authorized employee, outsourced provider or customer of you, when such instructions prove to have been fraudulent and issued by a person who is not an authorized employee, outsourced provider, or customer of you).
Who should consider it?
Any business with a computer system that stores & relies on data is at risk of a cyber attack and should consider a cyber policy. The costs associated with rectifying a breach of your system, investigating the reasons for the breach and the extent of the hackers’ damage, recreating & restoring data and the like can be quite high, not to mention the effects on your business due to the loss of income after such a disruption.
Those businesses with an e-commerce website would be especially affected in the event the website was held to ransom or taken offline by hackers.
Businesses that hold personally identifiable information or medical information on clients are at high risk of being targeted by cyber criminals for identity theft. This may include such sensitive information as: personal names & addresses, dates of birth, tax file numbers, ID numbers and the like.
Did you know:
Effective 22 February 2018, the Privacy Act 1988 includes mandatory data
breach notification requirements. In summary, the Privacy Amendment
(Notifiable Data Breaches) Act 2017 requires all relevant organisations to:
1. Report the data breach to the Government’s Privacy Commission; and
2. Notify all affected customers
What can it cover:
- Forensic costs for experts to come in and see what went wrong
- Legal Fees
- Recovering or replacing your records or data
- Costs to notify affected individuals and regulators
- Costs to set up call centres
- Hiring negotiators and paying ransom
- Cyber-crime, including social engineering, phishing and phreaking
- Cost to repair IT systems and data
- Business Interruption
- Prevention of further attacks
- Third party claims from a failure to keep data secure, inadvertent transmission of a virus and claims arising from the content of your website or emails
What isn’t covered:
As with all insurance policies, not everything is covered. Cyber policies will not cover loss that would be covered by another policy, i.e. loss or damage to hardware (i.e. by fire, theft, breakdown, water damage, accidental damage, etc.) as well as power failure, upgrading systems & networks and electromagnetic damage.
You should review any quote received carefully and consider the policy wording for all policy terms, conditions, exclusions and limitations.
A large accounting firm has its server hacked with thousands of clients’
personally identifiable data being stolen.
Their Cyber policy provides cover for the costs associated with an IT
consultant to investigate the cyber-attack and protect them against
further attacks, plus repairing the damage to their network and recovering data.
of their data is also covered.
business with minimal financial and operational impact.