Cyber Risk is a dynamic and evolving risk that faces both consumers and businesses. To combat this, it is possible that Cyber Risk Management and Cyber Insurance can work in tandem to assist in the mitigation and prevention of these threats.
Cyber Insurance has an established presence in America, but in comparison the purchase of this form of insurance in the United Kingdom is still very much in its infancy. High-profile data breaches in the corporate world are, however, now beginning to filter through to smaller businesses and individuals, impacting us on a daily basis.
It is likely that in the future Cyber Insurance will become part of a business's portfolio of insurances, being purchased alongside property, professional indemnity and directors & officers insurance.
This website aims to help bring news of the development of the cyber risk landscape, together with news of cyber crime and data breaches in the UK and the rest of the world, along the way trying to answer some basic questions about cyber risk such as:
What is Cyber Insurance?
Who needs to purchase this form of insurance?
What types of Cyber Risks are there?
How are the Human Factors Affecting the Cyber Risk Landscape?
What is Cyber Terrorism?
What are Cyber Essentials?
It promises to be a fascinating journey as the world of cyber impacts on all forms of organisations on a business and personal level.
Cyber Insurance – Where did it all begin?
The first cyber insurance policy was written in 1997 by American International Group. It was a third-party internet liability policy focused on the losses caused by viruses and hackers. In the UK, Hiscox Insurance Company Limited lead the insurance companies in offering cyber insurance.
The scope and cover of early cyber insurance policies were very limited, mainly concerning the use of the internet. The Dot Com bust in the early 2000s, however, presented an opportunity for insurers to offer cyber insurance products to technology-focused companies. Insurers initially provided cyber insurance policies that included property and liability cover, commonly called commercial general liability. Cyber insurance, however, failed to get into the mainstream insurance market, which was due to a combination of high premiums and limited coverage.
Cyber Insurance – Today
Significant developments over the years have seen cyber risk insurance move forward, mainly with the development of notification laws in the US and now in Europe as a result of the GDPR. Nowadays the scope of cyber liability insurance has vastly improved and provides cover for cyber-related incidents such as business interruption, crisis management and extortion due to unauthorized access of a business's technology systems. Privacy is also an important facet of the policy coverage for cyber risk insurance, with broader implications, and the coverage therefore includes policy triggers to cater for this.
Awareness of the cyber and data exposures facing a business is increasing every day, not only because of the number of reported data breaches, but also because government-backed schemes are helping to raise the profile. Such initiatives include Cyber Essentials in the UK and the National Institute of Standards and Technology Cyber Security Framework in the US, the aim of which is to encourage businesses to have in place minimum standards for cyber risk management in the event of a cyber attack or data breach that could cause irrevocable damage to a company.
Why should you therefore consider insurance to cover Cyber Risks?
Here are six factors which should be considered:
How sensitive is your data? What data do you hold? Are these credit card details, bank details, national insurance numbers, addresses of customers?
What are the current regulations concerning data in your business?
Compulsory notification of a data breach in the UK previously only applied to Telecommunications firms and Internet Service Providers. This changed in May last year when the EU General Data Protection Regulation came into force. The Information Commissioner's Office now has powers to fine a business up to £20M or 4% of gross annual group turnover in the event that they deem that a breach could have been prevented by better controls over the management and control of data.
3. Existing Cyber Risk Management
A business will need to assess the existing approach to protection of data within the firm. This should include assessment of when the IT system was last renewed, the reliance on third-party services, and the robustness of existing security surrounding technology. A review of the Disaster Recovery Plan / Business Continuity Plan should also take place.
4. Current Insurances
Do any of a business's insurances provide any coverage for Cyber Insurance? Property, Computer All Risks and Professional Indemnity Insurance can all provide elements of coverage, but these are not a substitute for a stand-alone, specific cyber insurance policy.
A gap analysis should be carried out as to where current coverage is deficient and what coverage is required for the business.
5. Appointment of an Insurance Broker
There is still a dearth of insurance brokers that fully understand Cyber Insurance and the complexities that are associated with it. There are over 30 insurance markets in the UK that write this class, again with varying degrees of expertise. A broker with the right expertise to access the appropriate insurers and to negotiate the correct policy coverage is therefore very important.
6. The “Buy In”
All levels of the business need to “buy in” to the purchase of Cyber Insurance as this is essentially part of the Cyber Risk Management philosophy of the business. Your IT department may feel that it is not needed …. the IT manager may advise the board of directors “our security systems have just been upgraded, we have the latest firewall protection in place and don’t need the coverage