With the rise of Cyber crime, and new laws coming in around data security, Cyber insurance is becoming something that businesses need to know about.
Cyber Insurance is designed to fill the gap that traditional insurance policies don’t cover, minimising the impact of cyber incidents by providing cover for your own loss and third party costs. It provides your business with a structured crisis response plan and assists with returning to ‘business as usual’.
Here we look deeper into Cyber Insurance and what you need to know.
This is a general summary from our perspective and is not insurance advice - please ensure you speak with your insurance advisor about your own specific situation.
What is cyber insurance?
Cyber insurance is designed to fill the gap that traditional insurance policies don’t cover, minimising the impact of cyber incidents by providing cover for your own loss and third party costs. It provides your business with a structured crisis response plan and assists with returning to ‘business as usual’.
1. Won’t my general liability policy cover cyber liability?
General liability insurance covers bodily injuries and property damage resulting from your products, services or operations. Cyber insurance is often excluded from a general liability policy.
It pays to check your current policies and ask questions. You may find that your other business cover won’t respond to a cyber or data breach claim.
2. The law has changed
The new Privacy Act 2020 which came into effect on 1 December 2020 means that all businesses now have legal requirements surrounding protecting data and reporting breaches.
The new Act requires mandatory data breach reporting if it’s reasonable to believe that the breach would cause serious harm to an individual. For example: If you’re engaging with a service provider to hold your clients’ personal data, for example, a cloud-based CRM system, you remain responsible for the security and use of that personal information. If a Cyber breach were to occur, you may be held liable.
What does Cyber Insurance cover?
Ensuring business continuity and safeguarding your business from Business Interruption will enable you to return to the same financial position you were in before a Cyber event.
The benefits of Cyber Insurance will depend on the type of policy you take out but can include:
- Access to a dedicated and experienced team of experts if an attack occurs
- Protection from loss where you are legally liable to others
- Cover for your financial loss if your business is interrupted due to a Cyber event.
Things to look out for in your Cyber Insurance policy:
Business Interruption: Look for a policy that covers the costs of any business interruption as you can lose time and money trying to get your business back up and running after a cyber attack.
Hacker Theft Cover: A plan that covers compensation for loss incurred, including theft or destruction of stored data, hardware, or cyber extortion from employees.
Restoration costs: Compensation for expenses incurred to research, replace, restore, or recollect digital assets during the period of restoration.
Public Relations: Reimbursement for any costs involved with public relations.
Network Extortion: Indemnity for the amount paid to avoid, defend, preclude or resolve a network extortion attempt
Data Forensic Expenses: Costs incurred to investigate, examine and analyse a computer network
Third-Party Liability: Indemnity for the sums claimed and incurred defending claims in relation to alleged privacy breaches, network security wrongful acts or media and social media wrongful acts.
What is the likely cost of Cyber Insurance?
Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile. As an estimate a policy with $100,000 cover could cost as little as $600 per annum.
All businesses need a security plan to protect their business and they should consider a Cyber Insurance policy as an essential part of this plan.
What else can you do in the war against Cybercrime?
There are basic things that you can do to ensure good Cyber security. In this recent blog we share some top tips for your company.
Top tips to avoid cyber security threats:
CERT NZ has a number of useful and practical resources for businesses on keeping systems and data safe from cyber security attacks, including cyber security risk assessments for business, cyber security awareness for staff, phishing scams and your business and protecting your business online.
CERT NZ offers the following tips for simple, practical steps for businesses.
2. Implement two-factor authentication (2FA)
4. Set up logs
5. Create a plan for when things go wrong
6. Update your default credentials
7. Choose the right cloud services for your business
8. Only collect the data you really need
11. Manually check financial details
For more info and links click here:
Cyber Security is a very real issue facing business owners these days. If you would like to discuss your individual needs, we provide security assessments to ensure that your business has the best protection.
A last thought ... on ethics
Your responsibility under the law, and more importantly to the people who trust you to hold their data, is to protect their private data. Cyber insurance does not cancel your responsibility to take reasonable and needed security precautions to prevent the data from being compromised in the first place. Once you have decent security in place, only then should you consider cyber insurance.
Next...
If you would like further advice on Cyber Insurance please feel free to reach out to us.