Below we explain why every business should consider cyber security insurance and how to compare the different types of coverage available from the market to protect your business from data breaches and cyber attacks.
As a Willis Towers Watson Network Broker, we have access to the best cyber security insurers in the market and can ensure your business is fully protected with a comprehensive policy designed to meet your needs. With increasing attacks, your security and business insurance protection are paramount when operating a company in the digital age.
Unfortunately, data breaches and cyber crimes are increasingly common, and criminals are targeting businesses with the objective of committing fraud, holding your business to ransom, or selling your data on the dark web.
That's why cyber security insurance can be a smart precaution for any size business. The threat of an attack continues to change, and even with the best practices and security available your business will never be fully protected.
Cyber security insurance is financial protection and potentially third-party support to help recover after a data breach or attack. There are different types of coverage available under the policies and below we explain how they work.
Malicious breaches by third parties or employee actions, whether deliberate or not, can unfortunately negate the security measures your company has in place. Below are the most common attacks that can infiltrate your computer systems and why you need cyber coverage.
Malware cover can protect against malicious software which can exploit vulnerabilities, potentially allowing your activities to be recorded.
Ransomware insurance offers cover after an attacker locks you out of your system and then demands a ransom to release control and not publish data.
Denial-of-service cover can provide solutions to attacks which seek to render a system or server unavailable, typically overwhelming a server.
Cyber liability insurance helps provide cover for your legal liability for damages and defence costs from third party claims arising from a data and privacy breach. The coverage can offer protection from failure to prevent an individual's data being breached or transmission of harmful malware to a third party.
Cyber extortion insurance will respond to fraudsters attempting to extort money by threatening to carry out an attack or threatening to expose/destroy data having already compromised the network. The policy coverage will pay the ransom demanded to stop a data leak and restore your systems.
Incident response and notification coverage provides access to specialists to mitigate the damage of security and privacy breaches. The policy coverage can include IT security, forensic investigation, legal advice, and the costs associated with notifying any individuals under data protection laws (i.e., GDPR).
Business interruption insurance provides cover for the subsequent loss of profits and increased costs because of a security or data breach. There is usually a 12-hour waiting period as a deductible; after that, for the time you are unable to trade, the policy coverage will reimburse your loss of profits and increased costs.
Media liability insurance provides coverage for your legal liability for damages and defence costs from third party claims arising from infringement of any intellectual property rights, including libel, slander, or defamation via an electronic platform.
System damage coverage provides for the costs of data and applications to be repaired and restored in the event computer systems are damaged by an attack, often critical in getting the company operating again.
Regulatory fines coverage provides for fines and penalties imposed by a government or regulatory body because of a security and data breach, where permitted by law.
Covers the cost of IT security, forensic investigation, legal advice, notifying individuals their data was stolen, cyber extortion, system damage, regulatory fines and subsequent loss of profits and increased costs as a result of a security and data breach.
Covers the damages and legal costs in defending allegations and damages from a security or data breach, or infringement of intellectual property rights, including libel, slander or defamation via an electronic platform.
Get indemnity™ cyber security insurance starts at £323 annually or £26.91 per month for a small business, which can provide coverage for a variety of threats with a response hotline, technical advice, legal input, and forensic experts.
However, the cost that insurers charge will be unique to your business and will depend upon a number of factors, including your turnover, exposure to the USA, the industry in which you work, and the security measures you employ.
We can offer guidance to companies to ensure you have the necessary security controls in place to meet insurers' minimum requirements. With increased claims activity, greater emphasis is being placed on risk management.
There are many different commercial insurance covers available to help protect your company from financial losses. Talk to an expert insurance broker to discuss your business needs and how to secure the best coverage at the most affordable premiums.
Obtain a professional indemnity insurance policy to help protect against the failure to exercise reasonable skill in offering a service.
Obtain an employers liability insurance policy to help cover claims arising from injury or illness of your employees whilst at work.
The industry in which you work will impact your susceptibility to breaches, and therefore increase your insurance premium cost. For example, the following industries carry an increased exposure to claims: accountants, casinos, data aggregators, education sector, financial services, hospitals, hotels, medical industry, payroll services, professional services, solicitors, telecommunications, trading platforms, online gaming, and payment card processors. It's important to clearly identify what business activities you undertake when applying for cover.
Turnover is a direct rating factor for insurers to calculate your premium cost. The larger your business, the higher the premiums your business will be required to pay. There will also be certain thresholds, where insurers will provide discounted rates to grow their portfolio. For example, the segment for companies with a turnover of less than £1 million is the most competitive, whereas there is significantly less competition when your turnover exceeds £100 million.
The number of individual data subjects (otherwise known as personally identifiable individuals, PII) is another direct rating factor for insurers. Less than 25,000 is commonly acceptable; once you breach the 100,000 or 250,000 threshold, this will impact insurers' decision making. In addition, the type of data you hold or process will impact your premium. Sensitive data such as banking, card details, and medical information is perceived as the highest risk. The larger and more sensitive the data you process or hold, the greater the risk to insurers, which will attract higher premium charges.
Insurers will want to understand your turnover split by territory. Certain countries such as the US are more litigious in nature and allow for class actions (otherwise known as collective actions) on an opt-in basis, which makes it that much easier to bring a demand for compensation in a court of law. Higher exposure to a legal system which makes more frequent and higher awards means insurers will need to charge higher premiums when calculating the cost of your cyber risk insurance.
There is a growing emphasis from insurers on requiring minimum controls as conditions within the policies. Cybersecurity remains the first line of defence, and if insurers are going to accept your risk, they want to make sure you adhere to best practices that mitigate your exposure to claims. Premium discounts will be available for companies which are able to demonstrate their risk-averse nature. Common controls required by insurers include: backups of critical data, VPN for remote access, multifactor authentication for cloud-based services, and cybersecurity training.
If you have been the subject of cyber breaches that would have been insured, even if you didn’t have a policy in force, you need to disclose that information. Unfortunately, you will incur higher premium costs if you have been the subject of cyber claims in the past five years. Insurers will want to understand exactly what occurred, how much the cyber incident cost, and what remedial actions were taken to stop a similar incident occurring again.
Cybersecurity is unfortunately not foolproof, especially in an ever-changing environment. It is commonly accepted that attacks and security breaches are increasing in frequency and sophistication. Good security is increasingly being combined with insurance to ensure financial protection and access to specialists.
You can select the amount of your deductible when arranging the coverage. Typically, there will be a minimum threshold insurers will expect you to cover. For business interruption there will usually be a waiting period of 12 hours before the policy responds.
Cyber liability insurance is financial protection for damages and defence costs from third party claims arising from a data and privacy breach.
A cyber liability claim could arise from failing to prevent an individual's data being breached. Those individuals then bring a claim against your business for financial losses and emotional distress resulting from their data being leaked. A second example would be the transmission of harmful malware to a third party. They then suffer a financial loss as a result of that malware and seek damages from your business.
Social engineering fraud is the manipulation of employees to bypass digital security, which typically results in money being transferred to a fraudster's bank account.
Some insurers will provide financial protection from a criminal or fraudulent taking of money. Typically, the coverage amount is sub-limited under a cyber policy.
The UK has one of the largest and most diverse cyber risk insurance markets in the world, with Lloyd's of London a leader for large and difficult-to-place risks. There are numerous insurance companies and agencies with a cyber product offering.