Lwood & Co Insurance Brokers Bingley

Cyber Liability and Financial Crime

During the last five years there has been a dramatic increase in the number of cyber attacks and financial frauds against businesses throughout the UK.

From “ransomware” attacks to fraudsters impersonating suppliers, banks and even the Managing Director, companies are increasingly vulnerable and need to consider Insurance as a way of helping.

At the same time, the new General Data Protection Regulation (GDPR) was adopted in 2016 and officially enters into application in 2018, with the purpose of extending the scope of EU Data Protection Law to all companies. This Regulation comes at a cost of strict data protection compliance, with severe penalties of up to 4% of worldwide turnover, and companies must be accountable for losses.

It is important to note that cyber attacks and financial crime are treated differently by insurance companies, with separate policies and covers. A business should consider both in order to maximise its protection.

Cyber Liability Insurance

As businesses become ever more reliant on technology, the risk of suffering a loss relating to problems on their computer systems or to holding sensitive customer data continues to grow.

The loss of a laptop, a website being hacked, credit card data being stolen, a denial of service attack or a file of sensitive information left on a train: these can all have an impact on your business, from loss of revenue and damage to reputation to legal and regulatory costs.

The media continues to report on large companies being affected but rarely mentions small and medium companies being attacked. According to recent statistics, a “ransomware” attack is occurring at least once a day.

There is a misconception that small companies will not be affected. Every company that holds sensitive customer information or is reliant on a computer system, has a website and is subject to the Payment Card Industry (PCI) merchant services agreements is vulnerable to a data breach. Though business owners are mindful and wary of risks to the business, a “spam” email may be opened by a junior employee, which can lock a computer system and impact the business.

Suffering a cyber-attack is one thing, but the time it takes a business to recover can make the difference between long term business success or failure. Learning the lessons from a cyber-attack should be seen as an important part of any business’s cyber strategy, but 32% of small businesses with fewer than 50 employees said nothing has changed in the past 12 months as a result of security incidents. For UK businesses with 99 or fewer employees, the average estimated cost of their largest cyber incident over the last 12 months was £25,736, compared to £62,712 for UK businesses with 1,000 or more employees. Yet these amounts only reflect the immediate direct costs and don’t include the longer term impact on business reputation and consumer confidence.

A Cyber Liability Insurance policy provides various covers including:

Practical Support in the Event of a Data Breach: Including forensic investigations to find out what went wrong and whose data has been at risk, legal advice, notifying the Regulator and customers and offering support to clients who have been affected.

Payments of Costs Associated with Regulatory Investigations: If the Regulator makes a claim against you for failing to keep customers’ data secure, an insurance policy will assist the policyholder.

Reimbursement for Costs of Repairs following Restoration or Replacement: A hack to your website or network can cause damage, and the costs of repair or restoration can be significant.

Loss of Income: Damage to your website can result in a loss of revenue which could take weeks if not longer to rectify.

Brand and Reputation: Your company’s reputation is very important, and notifying customers that their data has been compromised can have an impact, so it is important to act quickly and reassure the public that the damage is minimal.

Extortion: Insurers in some cases will look to pay the ransom in order to minimise long term costs.

We understand the cyber risks to your business and can assist with your concerns. It is your responsibility as a “data controller” to understand all the risks, including those from the “Outsourced Service Provider” (OSP) who may hold your data. From experience, an OSP’s contract omits any consequential loss should they be hacked, resulting in a loss of your data. This is an emerging risk and poses a threat to any business using an Outsourced Service Provider for any part of the business.

Financial Crime and Fidelity

Though a Cyber Liability policy will assist your company should data be stolen, what happens if there is a financial theft?

Recent statistics say that 34% of companies have experienced a financial crime during the last two years, from employees stealing to fraudsters impersonating suppliers. One in ten of these companies incurred losses of over £3m and, with the ever increasing reliance on technology, the view is that these statistics will only increase.

A Financial Crime or Fidelity policy provides cover for theft from the insured by anyone, whether employed by them or not, including cheques and security fraud, telephone hacking fraud and employee dishonesty.

As a business owner or director in the company, you should continually monitor your finance processes, and insurers would expect an element of risk management. An insurance policy will also provide peace of mind should a mistake be made resulting in a fraudulent act being committed.

With an ever increasing number of examples of companies being affected by cyber attacks and financial crime, please give us a call if you wish to discuss these or have any queries about either of these covers.

Scenario 1: Employee Error

An HR recruiter for a healthcare organisation accidentally attached the wrong file when sending an email to four job applicants. The file included HR demographic data consisting of 43,000 former employee names, addresses, and national ID numbers. The insured telephoned the Chubb Incident Response Hotline for assistance and an incident response manager was assigned. Legal services were brought in to manage regulatory implications.

Potential Impact

Privacy Liability - mismanagement of personal and/or corporate confidential information, violation of company privacy policy.

– Defence expenses arising from regulatory investigation - £55,000
– Defence and settlement costs for claims by employees that had identity stolen - £100,000

Incident Response Expenses

– Incident response manager fees - £5,000
– Notification to affected individuals - £3,000
– Identity theft monitoring services for affected individuals - £13,000
– Legal consultation fees - £10,000

Takeaways

As innocent as it may seem, human error can be very costly, and it occurs more frequently than expected. It’s important to understand that cyber is not only related to technological incidents. Many of the claims we see stem from very simple mistakes.

Scenario 2: Denial of Service Attack

The data centre which hosted an online retail company’s website became the target of a distributed denial of service attack. The attack, which utilised hacked internet of things devices, flooded the data centre’s network with so much traffic that their network failed. This made the online retail company’s website inaccessible for a period of six hours before backup systems were able to restore 100% functionality. The insured in this scenario is the online retailer. After telephoning the Chubb Incident Response Hotline, an incident response manager was assigned.

Potential Impact

Recovery Costs

– Increased cost of working required to get website functioning properly - £9,000
– Costs to subcontract with external service provider - £12,000

Business Interruption

– Lost sales and revenue from website downtime - £100,000

Incident Response Expenses

– IT forensics firm - £12,000
– Legal consultation fees - £10,000
– Incident response manager fees - £6,000

Takeaways

Distributed Denial of Service (DDoS) attacks are becoming more powerful as the use of easily hacked internet of things devices increases. To minimise impact of a scenario like this one, it is important to build a business continuity plan that ensures critical business applications, systems, and activities do not rely on only one critical IT provider. Chubb’s incident response managers and vendors are experienced in dealing with DDoS attacks and will assist in getting your business back on track as soon as possible.

Source: https://www2.chubb.com/uk/en/business/by-category/by-category-cyber-risks/assets/chubb_cyber_claims_examples_ukc3690.pdf
