Cyber liability – by our partners Russell Scanlan Ltd.
Historically we have always tended to insure physical assets and liabilities; things we can see and touch – allowing us to manufacture a common perception about what would happen if such things were lost or damaged.
Today and for several decades now, there is a far bigger risk to society & business – Cyber.
Most will know the word Cyber. It is a term used to encompass all matters Information Technology: networks/infrastructure, means of communication, the transfer and transaction of data and capital. To most people, it’s a word that holds little meaning based on a widespread, limited understanding of what Cyber actually is. Even despite it being given more column inches with the introduction of The General Data Protection Regulation (GDPR) in May last year.
Yet, there continues to be a rather muted reaction from individuals and companies in acknowledging such risks and even then, further delay in putting in place adequate protections, if any.
Cyber Liability is a term used by the insurance industry for policies developed to cover some of these ever-changing risks. The early response to Cyber risks from the insurance industry was arguably irregular, often rushed with limited understanding of the risks and how to provide [some] cover against them.
Early policies unfortunately fell short of the mark. Several insurers classed theft of funds via electronic means through hacking – vishing, phishing or other social engineering and e-mail fraud to be classed as “Crime” rather than “Cyber” and therefore more appropriately insured under a typical crime policy. Evidently, as theft of money became more common, Underwriters slowly began to acknowledge this ought to be covered under a Cyber Liability policy to avoid any potential grey areas.
They responded to demand.
As the availability of better, more comprehensive policy wordings has improved, the premiums for Cyber Liability insurance have reduced. When looking at Cyber Liability policies, the following are some key areas to ensure your policy includes:
1. Incident Response & Investigation Costs
2. Cyber Business Interruption
3. Cyber Extortion/Ransom
4. Social Engineering & Theft of Funds from Bank accounts. Fraud/Deception
5. Digital Asset Replacement expenses (Hacker Damage)
6. Cyber Forensic Support
7. Media Liability/Reputation costs
Some common exclusions to give consideration to are:
1. Minimum standard of Encryption – on most policies required on all devices?
2. Claims by related Entities – employees’ personal information following data breach
3. Crime versus Cyber Insurance (proximate cause) – as above
4. Bodily Injury & Property Damage – typically excluded
5. Claims Jurisdiction – claims brought in the UK only or further afield?
So what can businesses do as a starting point to protect themselves against theses invisible Cyber risks:
• Protection your Internet connection with a firewall
• Update all devices – hardware and software regularly, “patching”
• Use the most secure level of settings
• Monitor and control access to data and services
• Install anti-virus and malware applications
Cyber Essentials is a Government-backed initiative to help businesses understand Cyber threats and guard against the risks. The accreditation, via the National Cyber Security Centre is the benchmark for Cyber Awareness. It can lead to businesses getting preferential terms and/or discounted premiums from Insurers. The cost of certification starts from around £300 + VAT.
Nathan Wilson, Account Executive at Russell Scanlan Ltd.