The importance of a comprehensive cyber insurance policy

The often modular nature of cyber insurance policies means that they consist of a variety of different coverage areas.

For many people, this has resulted in confusion around exactly how this coverage fits together to create a uniform whole. To provide clarity, we have dissected a cyber policy - section by section - to show how each part functions.

The majority of cyber policies can be divided into two areas of cover: first party and third party.

First Party

The first party is you, so this cover accounts for your own financial loss arising from a cyber event. A cyber event is defined as any actual or suspected unauthorised system access, privacy breach, electronic attack or system downtime. It is vital to note that the majority of cyber claims stem from first party losses.

Third Party

The third party section covers you for claims made against you as the result of a cyber event. In the context of a cyber insurance policy, cybercrime typically refers to attacks that involve the theft of funds from the victim, as opposed to theft of data or other digital assets. Generally speaking, this usually happens in one of three ways:

Extortion: hackers threatening to expose or destroy data that they have successfully compromised in order to extort money.
Electronic compromise: attackers manage to hack into your network and gain unauthorised access to online accounting or banking platforms.
Social engineering: in this advanced scheme, attackers imitate a senior member of staff, a customer or a supplier in an attempt to mimic their tone of voice and make demands, such as transferring money or opening a malicious link.

Does your policy cover all cybercrime?

To ensure your cover is comprehensive, you should look for a policy that covers the full range of cyber crime types, including funds transfer fraud, ransomware, targeted extortion and emerging forms of malware such as ‘cryptojacking’, where your IT system is used to mine cryptocurrency and ‘botnetting’, whereby your systems are used to send malicious traffic.

You will need to ensure that your systems and procedures are robust, as your policy may include a condition whereby you must have agreed levels of security in place, such as call-back procedures on any requests to transfer money.

How quickly will you be up and running again?

A quick recovery from a cyber event is key; as such, incident response is at the heart of a strong cyber policy. This section of cover will generally pick up the costs involved with responding to a cyber incident in real time. This includes IT security and specialist forensic support, legal advice in relation to any data security breaches and the costs associated with notifying any individuals that have had their data compromised. A key aspect of a cyber policy is that it provides speedy access to specialists and covers the costs of accessing their service, making it highly important.

A strong system damage and business interruption section within a cyber policy is incredibly valuable. Helping to keep your business up and running, this crucial section covers the costs for applications and data to be repaired, restored or recreated in the event that systems are damaged as a result of a cyber event. This section also reimburses the loss of profits and increased cost of working as a result of any interruption to business operations caused by a cyber event, including prolonged system downtime.

Lawsuits and fines

Lawsuits and fines have the ability to destroy your business, which is why network security and privacy liability is another important part of a cyber policy. This section covers third party claims arising from a cyber event, including the transmission of harmful malware to a third party’s system and failing to prevent an individual’s data from being breached. It is essential to note that fines for a breach of certain sections of GDPR are up to 4% of total turnover, with a limit of twenty million Euros.

Although it is often optional, a section that should not be overlooked if you have a website or use emails in a business capacity is media liability. This covers third party claims made against you arising out of defamation or infringement of intellectual property rights.

As your broker, we are here to help you to source the most appropriate cyber cover to meet your requirements.

To find out more about how we can help you, call us on 01494 450 450 or get in touch via insure@jbennett.co.uk