Thursday, June 22, 2017

Cyber Insurance Basics

The WannaCry ransomware attacks last May have shown everyone that there is no such thing as complete cyber security. Hackers are among the most creative of software developers, and when they go bad and use their skills to invade and cripple businesses through the internet, security agencies play a game of catch-up. If large corporations with dedicated IT departments can’t protect themselves against such occurrences, it goes without saying that small and medium businesses cannot either. Off-the-shelf anti-virus programs are necessary, but will not help against a targeted attack. That is why cyber insurance is growing at a rapid pace. It cannot prevent cyber-attacks, but it can help to mitigate the often disastrous results of a system being hacked.

What Is Cyber Insurance?

Cyber Insurance (also known as “cyber risk insurance” and “cyber liability insurance”) is meant to help provide a business with the financial resources to recover from a cyber-attack. Although there is no standard policy framework as yet, in general cyber insurance will reimburse:


  • Investigation expenses: A forensic investigation into how the attack happened is essential to plug holes and prevent the same thing happening again. Often private security firms are required to help law enforcement in this and the costs can be high.
  • Business losses: A cyber-attack results in business interruption, data loss, network downtime and the ancillary costs of managing the crisis.
  • Third party loss: Not only do customers have to be notified of data loss that could affect them, in some cases credit monitoring of affected customers is mandated by law. These could total up to a very substantial cost.
  • Ransom and lawsuits: Cyber extortion such as ransomware can mean huge payouts. A business could also be liable for loss of confidential data, intellectual property and regulatory fines. Lawsuits from affected customers are also very common.

What to Look For In Cyber Coverage?

  • Standalone policies are typically better than extensions to an existing policy. They are usually more comprehensive.
  • Do the deductibles work for you?
  • Are third party service providers covered? This is essential if your service providers do not have coverage.
  • Does the policy cover both generalized attacks and those targeted specifically at your business?
  • Are non-malicious acts by employees covered? This may be part of E&O coverage, but it may not.
  • Are phishing and similar attacks covered?
  • Advanced persistent threats may take place over an extended period of time. What time frames, if any, limit the coverage?

Contact an Insurance Professional That Understands Cyber Insurance

Cyber insurance is a new and rapidly evolving field. The best way to get the right coverage for your business, at the right cost, is to get in touch with an insurance company that has in-depth knowledge of the issues involved. By understanding the nature of your business, the risk you face and the potential liabilities, a coverage that will protect you can be developed. This is not something that can wait. The businesses that were hit by WannaCry thought these things happen to the other guy, until they discovered the other guy was them.
