What you need to think about before purchasing cyber insurance
Many businesses will probably already know where they stand with regards to contents insurance and employers’ liability, but most of the same organisations, both newly established and longstanding, can be forgiven for approaching the relatively new cyber insurance wave with hesitation.
And not because it’s not now considered one of the more essential forms of business insurance, after all there is no company that isn’t a target if they use computers or devices, but because with fraud and computer misuse now the most common form of crime, it’s difficult to know exactly what cover needs to be included, as all cyber insurance policies can vary.
First things first – review your security
Conversations with your IT systems support or provider are a good start as they will be able to tell you what anti-virus software you currently have in place and how effective this is. If you’re a smaller outfit and you handle this yourself, check to see whether there are better options now which may not have been on the table when you initially installed the software.
This first-level defence is one of the simplest and most effective ways to play it safer online and help prevent a cyber attack, but it’s by no means able to shoulder the entire burden that cyber attacks are capable of inflicting, as tactics are forever developing in order to get around these obstacles.
Check your current insurance
Does your existing insurance include cyber cover? If it doesn’t, it should be considered as a matter of some urgency. If it does, a closer look will help you decide whether it’s adequate, or if it’s more of a “token” addition that has enough exclusions to render it useless in the event of a claim.
How do you know what you’re looking for? Here’s an overview of the kind of features that can be included in a cyber insurance policy:
Data liability – There’s a lot of responsibility in holding customer data, as this could be personal or sensitive data that might be used to their detriment. If you lose this data, you can be held responsible, and be liable to pay compensation costs to anyone who’s been affected, which depending on the size of your data base, could be more than you could financially handle if it weren’t for your insurance. On top of this, you will be expected to pay for your own defence costs if the complaints end up in the court room.
Regulatory coverage – Government or regulatory bodies may also have something to say and want to take action themselves around any data breaches, if it’s discovered that lapses in security or other careless action may have contributed to loss of data. Often this is only applicable to civil fines and penalties.
Remediation coverage – There may well be other ramifications following a data loss, such as forensic costs, credit monitoring of those affected and PR crisis management. This is where remediation coverage comes into play.
Information assets coverage – This covers the computers, devices and any other equipment affected through corruption of technical failure, and can help restore and repair these assets to allow the company to get back up and running.
Business Interruption – Depending on the severity of a breach or system breakdown, there may be a period where daily operations become near impossible temporarily, and business interruption can make up for lost revenue during this time, providing a realistic recovery period has been estimated at the time of purchasing the policy. This is why it’s a good idea to really think about how long it would take to get back to full operation following serious IT issues.
Extortion coverage – One method of criminal money-making in the cyber world is to either steal data or threaten to crash a company’s website indefinitely and demand a payment to avoid this. Extortion cover is designed to support a company financially if they respond to these demands.
Check the Fine Print
When you’ve decided on a policy that you think is going to work for you and includes everything you deem to be essential for your business, be sure to read through it thoroughly to make sure that there are no exclusion which are going to make a claim difficult. Such exclusions might focus on the specifics of your company’s network security – it’s this fine print you need to be wary of.
If you’re still not clear on cyber insurance, our experts at Watkin Davies can help. Our friendly team can offer you advice whether you have an insurance policy or not. Call us on 029 20 626 226 or visit www.watkindavies.com/commercial/cyber-insurance