It is important to note cyber attacks and financial crime are treated differently by insurance companies with separate policies and covers. A business should consider both in order to maximise protection to themselves.
Cyber Liability Insurance
As businesses become ever more reliant on technology, the risks in suffering a loss relating to problems on their computer systems or holding sensitive customer data continues to grow.
From the loss of a laptop, a website being hacked, credit card data being stolen, a denial of service attack or a file of sensitive information left on a train; these can all have an impact on your business from loss of revenue, damage to reputation and legal regulatory costs.
The media continues to report on large companies being affected but they rarely mention small and medium companies being attacked and from recent statistics, a “ransomware” attack is occurring at least once a day.
There is a misconception that small companies will not be affected. Every company that holds sensitive customer information or is reliant on a computer system, has a website and is subject to the Payment Card Industry (PCI) merchant services agreements are vulnerable on a data breach. Though business owners are mindful and wary of risks to the business, a “spam” email may be opened by a junior employee which can lock a computer system and impact the business.
Suffering a cyber-attack is one thing but the time it takes a business to recover can make the difference between long term business success or failure. Learning the lessons from a cyber-attack should be seen as an important part of any business’s cyber strategy but 32% of the small businesses with fewer than 50 employees said nothing has changed in the past 12 months as a result of security incidents. For UK businesses with 99 or fewer employees, the average estimated cost of their largest cyber incident over the last 12 months was £25,736, compared to £62,712 for UK businesses with 1,000 or more employees. Yet these amounts only reflect the immediate direct costs and don’t include the longer term impact on business reputation and consumer confidence
A Cyber Liability Insurance policy provides various covers including:-
Practical Support in the Event of a Data Breach: Including forensic investigations to find out what went wrong and whose data has been at risk, legal advice, notifying the Regulator and customers and offering support to clients who have been affected.
Payments of Costs Associated with Regulatory Investigations: If the Regulator makes a claim against you for failing to keep customers data secure, an insurance policy will assist the policyholder.
Reimbursement for Costs of Repairs following Restoration or Replacement: A hack to your website or network can cause damage and costs to repair / restoration can be significant.
Loss of Income: Damage to your website can result in a loss of revenue which could take weeks if not longer to rectify.
Brand and Reputation: Your company’s reputation is very important and notifying customers their data has been compromised can have an impact so it is important to act quickly and we reassure the public the damage is minimal.
Extortion: Insurers in some cases will look to pay the Ransom in order to minimize long term costs
We understand the cyber risks to your business and can assist your concerns. It is your responsibility as a “data controller” to understand all the risks, including the “Outsource Service Provider” who may hold your data. From experience an OSP’s contract omits any consequential loss should they be hacked resulting in a loss of your data. This is an emerging risk and poses a threat to any business using an Outsourced Service Provider for any part of the business.
Financial Crime and Fidelity
Though a Cyber Liability policy will assist your company should data be stolen, what happens if there is a financial theft?
Recent statistics say that 34% of companies have experienced a financial crime during the last two years from employees stealing to fraudsters impersonating suppliers. One in ten of these companies incurred losses of over £3m and with the ever increasing reliance on technology, it is viewed these statistics will only increase.
A Financial Crime or Fidelity policy provides cover for theft from the insured by anyone whether employed by them or not including cheques and security fraud, telephone hacking fraud and employee dishonesty.
As a business owner or director in the company you should continually monitor the processes of finance and insurers would expect an element of risk management. An insurance policy will also provide peace of mind should a mistake be made resulting in a fraudulent act being committed.
With an ever increasing number of examples of companies being affected by cyber attacks and financial crime and please give us a call if you wish to discuss these or have any queries about either of these covers.