Commercial Cyber Insurance includes cover for cyber liability and cyber crime, data breach expenses, damage to computer systems and data, incident response and more.
Most stories in the media today address the type of data loss that impacts people individually, such as bank card cloning, medical records, birth dates, ID/passport numbers and other private personal information amounting to identity theft.
On the flip side is the Commercial Cyber Liability and the impact of loss of corporate data, intellectual property or proprietary information, ransomware, malware, denial of service and loss of reputation.
DOMESTIC INSURANCE – CYBER INSURANCE
Cyber attacks don’t’ just happen to businesses, it can happen to you and your family via your mobile devices, smartphones, laptops, tablets, computer hard drives etc.
Cyber Liability will cover you against loss or damage arising directly from a cyber-attack or virus that has emanated from or passed through your computer system, and for which you are legally liable to pay, including the following benefits:
- Litigation: Legal expense cover to defend and/or institute legal action resulting from cyber liability.
- Mediation: Third party negotiation to resolve legal disputes resulting from cyber liability.
- Legal advice: Telephonic legal advice on matters relating to cyber liability.
Cyber bullying will cover you for the removal and suppression of harmful content arising out of cyber bullying, including the following benefits:
- Legal Mediation: Third party negotiation to resolve legal disputes resulting from cyber bullying to stop further cyber harassment.
- Legal assistance and advice: Telephonic legal advice on matters relating to cyber bullying.
Cyber theft will cover you for any monetary loss that you suffer as a result of cyber theft.
Who should take out the cover?
All commercial entities, but especially those with an electronic or social media presence. When it comes to a data security breach or privacy loss, it isn’t a matter of if it will happen as much as when it will happen.
According to PWC’s Global Economic Crime and Fraud Survey 2018, it is found Economic crime continues to disrupt business, with this year’s results showing a steep incline in reported instances of economic crime in South Africa – once again we have the dubious honour of having the highest levels in the world, at a staggering 77%!
What does it Cover?
A Commercial Cyber policy is usually in three parts or section, namely :
- Crisis management
- First Party Coverage
- Third Party Liability
Or Incident response – it is essential that your cyber policy include this. The 24/7 Crisis Management is the support system that you trigger as soon as you suspect ransomware, data breach or any other type of attack. They will immediately respond even if you don’t know the extent of the damage, type of attack or even what it is going to cost your company. The policy will provide a support network of DDoS remediation, Cyber extortion, fraud remediation, forensic investigators and public relations experts. Crisis Management includes a large element of Reputational Risk – being tried by a jury of public opinion is a by-product of our transparent on-line society. Often society’s opinions change faster than any regulations ever could. Media experts will probably be a necessity to preserve and protect a companys reputation.
First Party Coverage
Mitigates the costs and ramifications of a Cyber incident and often includes the Crisis Management above. It will could also include such costs as:
- Cyber Extortion Damages and expenses
- Business Interruption : income lost
- Data recovery and restoration costs including increased cost of labour and equipment
- Breach of Privacy notification expenses
Third Party Liability
Protects your company for liabilities stemming from the loss of corporate or personal or proprietary confidential information and will include cover for:
- Conduit : Transmission of a Cyberattack
- Impaired Access and DOS
- Content: Intellectual property infringement through mismanagement of data or statistics
- Defamation or loss of privacy through Cyber Activity
- Privacy : Failure to protect records or data, both the printed word or in digital format]
Remember – Directors and Officers can be held liable in their personal capacity for their fiduciary duties. This includes the actions taken to mitigate Cyber Liability exposure to a company – refer to our notes on Directors and officers Liability Insurance.
Trends showing susceptibility of companies
Professional Services Firms, such as attorneys, medical aid brokers, accountants have been targeted by criminals because of the wealth of personal data that the accumulate.
Retail outlets whether online or premises bound – these companies often have a few locations and may not even have a network or centralised operating system and may have a 100% dependency on online sales.
The hospitality sector retains a huge amount of personal information on both guests and employees, with dependency on websites for on line bookings, reviews and orders.
Example of Claims
An employee opened a link received by email, unwittingly allowing his company’s security systems to be breached. The criminals then held the company’s online retail site to ransom, denying service to the website and online shopping until such Ransom was paid.
The wrong attachment is sent to a customer, who is therefore a third party. This attachment contains personal identifiable information. This would constitute a privacy breach and the incident recovery team would be deployed. The claim would to include costs to monitor thefts from those persons whose identities had been compromised, as well as any resultant liability claims.
Its not always a criminal intent on harm that causes the damage!
A Cyber attack such as those mentioned above can even go further – this can spread through your suppliers and customers and you needn’t be the intended target. Perhaps your data storage hub is actual target and you end up suffering losses because they are compromised?
Do you still think it can’t happen to you?