In March 2014, new privacy act legislation was introduced with penalties of up to $340,000 for individuals and $1.7m for companies, for breaching the legislation.
Cyber insurance has been designed to address the exposures businesses face from relying on the internet, email, websites, computer programs and from storing private information about their clients.
10 Reasons why you may need Cyber Insurance
|1||Complying with breach notification laws is time consuming and expensive. In March 2014, new privacy act legislation was introduced with penalties of up to $340,000 for individuals and $1.7m for companies, for breaching the legislation. Companies are also required to notify customers that have had their data compromised. Cyber policies can provide cover for the penalties imposed and the costs associated with fines and breach notifications.|
|2||Data is one of your most important assets yet it is not covered by standard property insurance policies. Most businesses would agree that data or information is one of their most important assets. It is almost certainly worth many times more than the physical equipment that it is stored upon. Yet most business owners do not realise that a standard property policy would not respond in the event that this data is damaged or destroyed. A cyber policy can provide comprehensive cover for data restoration and rectification in the event of a loss no matter how it was caused and up to the full policy limits.|
|3||Systems are critical to operating your day-to-day business but their downtime is not covered by standard business interruption insurance. All businesses rely on systems to conduct their core business, from electronic point of sales software to hotel room reservation systems. In the event that a hack attack, computer virus or malicious employee brings down these systems, a traditional business interruption policy would not respond. Cyber insurance can provide cover for loss of profits associated with a systems outage that is caused by a “non physical” peril like a computer virus or denial of service attack.|
|4||Cyber crime is the fastest growing crime in the world, but most attacks are not covered by standard property or crime insurance policies. New crimes are emerging every day. The internet means that your business is now exposed to the world’s criminals and is vulnerable to attack at any time of the day or night. Phishing scams, identity theft, and telephone hacking are all crimes that traditional insurance policies do not address. Cyber insurance can provide comprehensive crime cover for a wide range of electronic perils that are increasingly threatening the financial resources of today’s businesses.|
|5||Third party data is valuable and you can be held liable if you lose it. We all hold more data than ever before and often this data belongs to our customers and suppliers. Non-disclosure agreements and commercial contracts often contain warranties and indemnities in relation to the security of this data that can trigger expensive damages claims in the event that you experience a breach. Increasingly, consumers are also seeking legal redress in the event that a business loses their data.|
|6||Retailers face severe penalties if they lose credit card data. Global credit card crime is worth over $7.5bn and increasingly this risk is being transferred to the retailers that lose the data. Under merchant service agreements, compromised retailers can be held liable for forensic investigation costs, credit care reissuance costs and the actual fraud conducted on stolen cards. These losses can run into hundreds of thousands of dollars for even a small retailer. Cyber insurance can help protect against all of these costs.|
|7||Your reputation is your number one asset, so why not insure it? Any business lives and dies by its reputation. Although there are certain reputational risks that can’t be insured, you can insure your reputation in the event of a security breach. When your systems have been compromised, you run a risk of losing the trust of your loyal customers which can harm your business far more than the immediate financial loss. Cyber insurance can not only help pay for the costs of engaging a PR firm to help restore this, but also for the loss of future sales that arise as a direct result of customers switching to your competitors.|
|8||Social media usage is at an all-time high and claims are rising. Social media is the fastest growing entertainment channel in the world. Information is exchanged at lightning speed and exposed to the world. But often there is little control exercised over what is said and how it is presented and this can give rise to liability for businesses who are responsible for the actions of their employees on sites such as LinkedIn, Twitter and Facebook. Cyber insurance can help provide cover for claims arising from leaked information, defamatory statements or copyright infringement.|
|9||Portable devices increases the risk of a loss or theft. The advent of portable devices and the ability to work away from the office has made life a lot easier for many of us. However, this new style of working also means that important and confidential data can be stolen or lost much more easily. A laptop left on a train, an iPad stolen in a restaurant, or a USB stick going missing are all good examples. In addition, the devices themselves are being targeted with a growing number of viruses being built just for them. Cyber insurance can help cover the costs associated with a data breach should a portable device be lost, stolen or fall victim to a virus.|
|10||It’s not just big businesses being targeted by hackers. Whilst the large-scale hack attacks on the news often involve big companies, small companies are also at risk and often don’t have the financial resources to get back on track after a hacking attack or other kind of data loss. In fact, over a third of global targeted attacks were aimed at businesses with less than 250 employees. Cyber attacks are quickly becoming one of the greatest risks faced by smaller companies, making cyber liability insurance a must. It can help protect smaller companies against the potentially crippling financial effects of a privacy breach or data loss.|
What Does Cyber Insurance Cover?
- Privacy Protection – covers costs to defend and settle claims against you for failing to keep clients personal data secure.
- Breach Costs – if your systems are breached, this covers the costs to figure out what went wrong and the expenses associated with notifying customers, setting up monitoring services and minimising brand damage.
- Cyber Business Interruption – compensation for lost or reduced revenue as a result of your systems being hacked.
- Cyber Liability – covers expenses and fines incurred if you breach IP rights, transmit a virus or make a defamatory statement via email or your website.
- Hacker Damage – covers the cost to repair, replace or restore systems and data as a result of a hack.
- Cyber Extortion – payment of ransom demands and specialist consultant fees, where a hacker holds or threatens to hold your website, extranet, intranet, network, programs or data to ransom.
Who: Travel agency with 4 locations, $10M turnover and 30 staff
What happened: The insured experienced three separate data breaches over a 3-year period in which hackers gained access to the company’s computer system. Over 250,000 individuals’ credit card information and passport details were compromised.
Which section responded: Privacy Protection & Breach Costs.
Outcome: $1.75m paid for the forensic, legal costs and fines brought by the regulator and costs associated with notifying affected individuals and providing credit card monitoring services.
Who: Online retailer with $5M turnover & 15 staff
What happened: Hackers gained access to the insured’s website. They stole personal customer information, defaced their website and inserted links to a competitors website.
Which section responded: Privacy Protection, Breach Costs, Cyber Business Interruption & Hacker Damage.
Outcome: $800k paid for the loss of income plus the costs to repair the website as a result of the hack; defence costs for regulatory actions by the Privacy Commissioner; and costs of notifying the affected individuals including providing credit monitoring services.