For today’s businesses, the Internet represents a critical piece in operations, from e-commerce to information delivery and data storage. While reliance on digital devices brings many benefits, it also exposes the business to risk related to cyber ransoms, network damage, theft of personal and corporate information, and copyright infringement, etc. These liability issues don’t just impact an organization’s financial situation, but can harm its reputation, brand and image, as well.
A recent cyber attack that you would be aware of is the WannaCry Ransomware attack, which claimed 200,000 victims in 150+ countries, has been the talking note throughout the globe. This is not the only attack in the recent past. The cyber attack stands to witness about an estimate of at least 61,341,797 leaked records May, 2017.
In the last few months, there is evidence of massive breaches at major brands like Target and eBay. But there are small ones in all sorts of industries including healthcare, retail and even manufacturing with less robust cyber protection. Any company that is customer facing or heavily reliant on technology is vulnerable.
The Evolution of Cyber Coverage
The ancestry of cyber coverage dates back about 20+ years. Earlier, technology companies bought errors and omissions (E&O) insurance, which over time, was extended to include things like a software product bringing down another company’s network, unauthorized access to a client system, destruction of data, or a virus impacting a customer. Spreading of computer virus was a big concern – you might remember the Love Bug Virus that swept the globe in 2000 in this regard.
Later during this period the Network security policies expanded into the privacy space by providing clear coverage for breaches of confidential information. This got the attention of retailers and other companies holding considerable consumer data. The evolution has been important to where we are now because those exposures are prevailing today.
Cyber Coverage Today
Cyber coverage is generally a combination of four components: Errors and omissions, media liability, network security and privacy.
Errors and Omissions:
These are claims arising from errors in the performance of services. This includes technology services, like software and consulting, or more traditional professional services like lawyers, doctors, architects and engineers.
These are advertising damage claims such as infringement of intellectual property, copyright/trademark infringement, libel and slander. Due to the internet presence of businesses today, this coverage is bundled into a media component in a cyber policy or a separate media liability policy.
A breach in network security can lead to many different exposures, including a consumer data breach, destruction of data, virus transmission and cyber extortion. The hackers might be looking to shut the network down to seize business operations, either for financial or political gain. Network security coverage can be taken if the company is holding trade secrets or patent applications for a client (mainly governmental organizations).
Many insurance policies only cover tangible losses, but a breach in network security may lead to electronic losses (intangible losses) that are devastating. Network security insurance covers loss from activities such as:
Data and system integrity issues
Data theft or tampering
Data restoration losses
Denial of service and Business interruption losses
Privacy doesn’t generally have to involve a network security breach. It can be a breach of physical records, such as files thrown in garbage, or human errors such as a lost laptop, or sending a confidential email to the wrong email address. To quote an example, companies have also faced liabilities from returning a photo copy machine with a hard drive that contained un-erased customer tax records. A privacy breach also includes actions like wrongful collection of information.
If a company uses the internet to conduct business or sales, store personal information such as customer credit card or ID numbers, or store sensitive confidential information, a security breach - but not limited to - cyber attack, virus etc. can cause irreparable damage. Privacy liability coverage under a cyber liability policy provides coverage for:
Notifying the concerned those whose personal information has been compromised
Regulatory defense coverage
Expenses to comply with government privacy regulations
Cyber Attack Impact Factors:
A list of hidden losses under cyber liability
A Cyber Liability policy provides coverage for both first-party costs and third-party liabilities. First-party coverage applies to direct costs for responding to a privacy breach or security failure, and third-party coverage applies when people sue or make claims against the company.
Cause of loss under each section:
Some common first-party costs when a security failure or data breach occurs include:
Forensic investigation of the breach
Legal advice to determine your notification and regulatory obligations
Notification costs of communicating the breach
Public relations expenses
Loss of profits and extra expense during the time the network is down (business interruption)
Common third-party costs include:
Settlements, damages and judgments related to the breach
Cost of responding to regulatory inquiries
Regulatory fines and penalties
What is not Covered?
There are a few key items that are currently not covered under a Cyber Liability policy:
Loss of future revenue
Costs to improve and secure internal technology systems
Lost value of own intellectual property
Data breaches and network security failures happen. According to a statistical report more than 91 million security events per year.
Cyber risk is an emerging risk in the world. The ability to quantify cyber risk and make informed decisions about cyber risk appetite will often be the difference between success and failure for modern enterprises. Those who do so effectively will be better positioned to enable continued growth, those who do not will expose their organization to risks with potential implications.
A robust cyber insurance policy can help businesses weather the storm more effectively when a data breach or network security failure occurs.
At Gargash Insurance Services, we know how important it is to protect your company’s and your clients’ sensitive digital information. That’s why we offer insurance solutions for network security, privacy and cyber liability insurance — for both first and third parties — covering risks associated with internet business, networks and informational resources.