The rise of cyber insurance: Are you covered?
5th January 2017
The rise of cyber insurance: Are you covered?
What is cyber insurance?
Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to provide a business with a stable financial and commercial platform in the event of a potentially catastrophic cyber security attack. This includes mitigating losses relating to data breaches, ransomware and malware.
Is it required?
Businesses that do not rely on some form of information technology (IT) infrastructure are few and far between. The majority of organisations that do utilise technology are exposed to the vast range of cyber security threats that inhabit the digital landscape. As originally reported by the BBC, cyber security insurance claims for data breaches are being made at a rate of more than one a day. These breaches can incur revenue loss, business interruption and reputational damage, which in some extreme cases is irreparable.
A UK Government survey estimated that the average cost of a cyber-security breach is £65,000 – £115,000 for SME’s and £600,000 – £1.15m for larger organisations. Attacks against all business are increasing and SME’s are just as much a target as corporates, particularly in the areas of ransomware and email fraud. Symantec has reported that over 30% of phishing attacks in 2015 were targeted at businesses with less than 250 employees. Furthermore, Symantec’s latest 2016 Internet Security Threat Report has indicated that 43% of all attacks in 2015 targeted SME’s.
Businesses are now recognising the importance of cyber insurance policies to cover themselves in the event of such an attack. A business could be vulnerable to a data breach or loss of vital business services if they;
- Hold sensitive customer details such as names and addresses or banking information
- Are reliant on computer systems or a website to conduct their business
- Subject to a payment card industry (PCI) merchant services agreement
The Governments Cyber Security Report neatly states that;
“Companies are recommended to stop viewing cyber largely as an IT issue and focus on it as a key commercial risk affecting all parts of its operations”
What does cyber insurance cover?
Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.
Cyber insurance coverage may include:
- Loss or damage to IT systems such as data or software programmes
- Digital financial theft
- Media liability
- Privacy protection
- Cyber business interruption
- Hacker damage
- Data breach costs
- Cyber extortion where cybercriminals threaten to damage or release data if ransom is not paid
Revealing potential coverage gaps
With numerous high profile data breaches occurring on what seems a weekly basis, the market for cyber insurance has grown rapidly, as organisations that treat cyber security with the respect it deserves take the relevant steps to protect themselves. A caveat to this is that such policies are very complicated and can reveal significant cyber insurance coverage gaps unless comprehensively reviewed. It is vital to ensure your business has full cyber insurance coverage across all aspects of the business to ensure security, both financially and in terms of data.
Deploying a Gap Analysis to reduce risks…and premiums
A Gap Analysis is essentially an IT security audit. This analysis exposes potential weaknesses and security threats that could be exploited, allowing you to apply remediation measures thus reducing the possibility of;
- Data breaches – including intellectual property and database theft
- Reputational damage
- Regulatory fines and investigations
- Loss of business revenue
Aside from reducing cyber security risks, the Gap Analysis can also function in another aspect…reducing a business’s cyber insurance premium and ensuring more complete cyber insurance coverage. Cyber insurance policy premiums are tailored to an organisations specific factors such as, the specific industry, services offered, data risks, network security, privacy policies and annual revenue. There are also a range of industry cyber insurance experts, who typically customise a policy to an organisations specific needs and risks.
CYFOR’s Gap Analysis Capabilities
Starting from an initial consultation to identify your company’s resilience to a cyber-attack, through to being protected if an employee steals sensitive company information. Our information security specialists understand the complexities of protecting an organisation’s electronic data. They are experienced in conducting information security assessments and gap analyses to provide a comprehensive view of an organisation’s security position. A detailed report will provide recommendations to secure your company, complemented by a guide on how to remediate those risks in the most efficient manner when faced with a data breach.
To enquire about CYFOR’s Gap Analysis service, please email firstname.lastname@example.org