No company is immune from the risks of cyber crime. In fact, this enterprise-wide issue affects small and large businesses alike.
The information age allows us to collect, store, and extract data around the globe 24/7, leaving companies more vulnerable than ever to cyber security threats.
When sensitive information gets in the wrong hands, it can result in significant out-of-pocket and reputational costs that can devastate the bottom line.
These events are a lot more common than you think.
Is your company prepared for:
- Identity theft resulting from lost or stolen financial information of customers, credit card numbers, tax file numbers, or other confidential information?
- A cyber extortion threat?
- An e-business interruption, resulting from a security failure or internet virus?
- Costs related to a privacy breach notification of clients private details?
Consider the following claim examples:
Example one
Profile: Diesel service and repair agents, 15 staff and $4M turnover
Background: An employee of the Insured opened a zip file attachment to an email that deployed a variant of ransomware malware. All the files used to open the attachment were encrypted as well as the Insured’s dropbox files in the Cloud, including HR files and employee personal data. Engineers were able to carry on with their operations however all administrative tasks at the Insureds ceased.
Outcome: $5,000 for loss of man hours and IT expenses to repair systems.
Example two
Profile: Accountant, 20 staff and $3.5M turnover
Background: A former IT contractor allegedly logged-in remotely without authorisation and deleted files on the Insured’s server. They also embedded spyware and downloaded viruses onto the server. However, when the police interviewed the individual, he advised that all of his computers were stolen before the Insured’s computers were hacked.
Outcome: $8,000 in costs incurred while restoring and repairing the server damage caused by this incident.
Example three
Profile: Online clothing retailer, 5 staff and $2M turnover
Background: On two occasions in one year, the Insured’s computer system was affected by a CryptoLocker virus, which prevented the Insured from being able to operate as usual.
Outcome: $14,000 in IT expenses to restore the Insured’s systems back to the position they were in before the virus.
Example four
Profile: Raw materials manufacturer, 28 staff and $7.5M turnover
Background: The Insured’s system was hacked via an email they received carrying a Ransomware virus. The virus prevented them from having any access to emails and their network. The hacker held the client’s system to ransom and would only release files if the client paid $12,500. The fact that the client had numerous file shares and common storage areas made their system particularly vulnerable to attack and made it easy for the hacker to encrypt nearly every file in their system.
Outcome: $12,500 in ransom plus an additional $25,000 in IT expenses related to diagnosing the problem, decommissioning the old servers and installing a new network.
So, what actually is Cyber Insurance?
Cyber insurance is designed to protect businesses against a wide range of liability cyber exposures from relying on the internet, email, websites, computer programs, data and from storing private information about their clients.
Who should have it?
Any business that is dependent on critical data stored on computer systems, which could expose them to a cyber attack. (Hint – that’s every business!)
The targets of cyber attacks span a multitude of industries and cyber criminals don’t care where they steal private information from.
The perpetrator could live halfway around the globe. Organised cyber crime rings operate worldwide, 24/7.
Existing insurance policies may be inadequate to respond to today’s digital exposures.
What does Cyber Insurance cover?
Cyber insurance is designed to respond to a variety of cyber risk exposures not covered under conventional insurances.
These include (but are not limited to):
- The costs associated with notifying individuals that have been affected by a breach, including settling up a call centre and identity theft services.
- Immediate expenses such as crisis management costs, hiring a public relations firm to manage the fallout from an incident, a forensic IT expert to identify how and where the breach occurred and legal services, including advice on legislative requirements following a breach.
- Expenses to repair and restore computer systems (including data) and replace loss of business income resulting from the incident.
- Expenses to deal with a cyber extortion threat and reward payments.
- Costs to defend claims from third parties and eventual claim settlements, along with the costs of regulatory investigations and the payment of fines and penalties.
- Multimedia liability claims, such as defamation or breach of copyright, which results from your electronic publishing.