Your company is likely insured to cover a variety of business risks. Some of the most common business coverages include general liability insurance, product liability insurance, professional liability insurance, commercial property insurance and perhaps specialty coverages depending on your business needs. Most business managers assume that they are well protected. However, it is time for an insurance review that includes a relatively new, yet potentially devastating risk: cybercrime.
Most insurance companies exclude electronic data under the definition of ‘covered property’. General liability coverages are designed for bodily injury or property damage, and these are narrowly defined in the policy, leaving no room to cover electronic data.
Insurance companies and have kept abreast with the blazing advancement in cyber technology. While technology continues to advance at a rapid pace, the insurance industry is struggling to keep up. There are, however, some companies that are developing and marketing cyber insurance policies to cover the potentially devastating impact of a cyberattack.
Many large companies are working with their insurers to write specific risk policies that provide coverage for business interruption, liability, remediation costs and other damages inflicted by cyberattacks. The cyber insurance industry is estimated to be a £3 billion per year business and growing fast. The following examples show why more companies are adopting cyber insurance:
Bupa – A data breach lost them the personal details of 108,000 customers whom they provided with international health plans.
TalkTalk – Fined £100,000 when they violated data protection laws and put the data of 21,000 telecommunications customers at risk.
Insurance companies are working on developing risk assessment practices to better manage the cyber vulnerability score of insurance applicants. Of course, the higher the risk score, the more the applicant will pay for coverage if a policy is underwritten. Many insurance companies are using Payment Card Industry (PCI) data security standards as a baseline for providing coverage. These standards demand the implementation of security practices such as firewall protection and other intrusion, encryption and data loss protections. An organisation that is not in compliance with PCI standards will find it.
To summarise, cyberattacks are increasing in sophistication and frequency. A well-written and rated cyber insurance policy can protect businesses from costly breaches and their associated liabilities. In order to get the best coverage at a reasonable rate, review your security profile prior to applying for coverage. The cost of strong security infrastructure can be offset by lower insurance rates and by the advantage of defeating attacks before the damage is done.