Do I need cyber Insurance?
Cyber Crime is a real threat to all Industry types & it is on the increase. All Sectors are now reliant on networks and electronic communications. If you store sensitive client data (such as their name, address, telephone number or payment details), rely on computers to carry out your work or operate a website, you should consider taking our cyber and data risks insurance to protect against data breaches, the costs of restoring your own data and equipment, and compensation payable to your clients.
What types of claim does cyber insurance protect against?
Cyber insurance protects against a wide range of scenarios, including: A spreadsheet containing all of your clients' personal information (including payment details) is stolen by a hacker in a targeted attack. You are covered for the costs associated with informing your customers, your legal defence costs and any damages you are legally required to pay to other parties. In a targeted attack, a hacker threatens to encrypt the hard drive of the laptop you use for your business unless you pay them a ransom. You are covered for the cost of meeting the ransom demand. A targeted denial of service attack causes an outage on your website. You are covered for the cost of restoring or reinstating the data to get your website back online, as well as loss of net profit.
What is Cyber Extortion?
When data or applications fall under the control of hackers they often demand a hefty ransom in order to restore access. Cyber extortion coverage will pay the ransom and pay for the costs of consultants or other professional brought in to address the problem.
What limit of cover should I choose?
Many clients and industry bodies with regulatory requirements will require you to have a minimum level of cover in order for you to undertake a contract, so it's worth checking this before you arrange cover. If you're unsure, or it's the first time you have arranged cover, give some thought to a worst-case scenario and the likely costs involved in putting your mistake right. We offer a range of limits, so you're sure to find the right cover for your business.
What Data is Covered?
Cyber insurance is available to cover almost every type of data. What is important to realize, however, is that individual policies do not necessarily protect all the data your company relies on. Again, understanding what you need to protect and what kinds of coverage you are actually getting is the only way to eliminate coverage gaps and cracks in your policy. Data Types are : Personal Health Information (PHI), Personally Identifiable Information (PII), Payment Card Information (PCI), Confidential Information, Third-Party Data.
What Crisis Management is offered?
When a cyber incident occurs, whether it is through some kind of invasive software (malware, ransomware) or other form of cyber attack, there is usually a privacy breach as a result – i.e. private or confidential information/data is exposed. This policy section provides cover for the costs associated with responding to a privacy breach, including:
- Incident response costs and crisis response specialists & hotline – the people you call when a cyber incident has occurred;
- Notifying third parties about the data breach, including mandatory notification and voluntary notification to clients, service providers or otherwise;
- Performing computer forensics to determine the existence, cause, and scope of a network compromise or data breach;
- Public relations costs associated with mitigating any reputational harm; and
- Providing credit or identity monitoring and identity protection for those individuals whose personal data was or may have been breached as a result of a network compromise or data breach.
What is Privacy & Security Liability
This section protects you from claims/lawsuits as a result of a privacy and security wrongful act, such as:
- Loss, theft or failure to reasonably protect personal data or confidential business information;
- Violation of privacy laws or data breach reporting requirements;
- Failure to implement adequate privacy or network security practices;
- Negligence resulting in a failure to prevent a network compromise that results in:
- Damage or loss of use to a third-parties computer system or data; and
- Transmission of malware or a denial of service attack to a third party;
- Failure to comply with your privacy policy and/or privacy notice.
Do I need to know how many records I hold?
Yes, but it is not always possible to know precisely, and insurers will allow a margin of error in the calculation. First start by counting how many people do you have Personally Identifyable information on. You may have various data points within that, like name, health information, credit card details, DOB etc, so then discuss with your broker how "data records" are defined, and your nearest estimate on that will be sufficient.