For today’s businesses, the Internet represents a critical piece in operations, from e-commerce to data storage. Find out the reasons why your business needs cyber liability.

The importance of Cyber Insurance for Business today

 While reliance on digital devices brings many benefits, it also exposes the business to risks related to cyber ransoms, network damage, theft of personal and corporate information, copyright infringement, etc. These  issues don’t just impact an organization’s financial situation but can harm its reputation, brand, and image, as well in the last few years, there is evidence of massive breaches at major brands like Target and eBay. But there are small ones in all sorts of industries including healthcare, retail and even manufacturing with less robust cyber protection. Any company that is customer-facing or heavily reliant on technology is vulnerable.

Major Cyber-attacks have taken place in the year 2021 which has impacted big corporations  

With the growing economies and usage of electronic and computer devices, the Cyber-attacks have shown an upward trend in last two decades. According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021, has already exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.

Some Large Cyber attacks in past two decades which jolted the big industries and left the users vulnerable.

• The Melissa Virus
• NASA Cyber Attack
• The 2007 Estonia Cyber Attack
• A Cyber Attack on Sony’s PlayStation Network
• Adobe Cyber Attack
• The 2014 Cyber Attack on Yahoo
• Ukraine’s Power Grid Attack
• 2017 WannaCry Ransomware Cyber Attack
• A Cyber Attack on Marriott Hotels went unnoticed for years
• RockYou - The biggest password leak yet

The Evolution of Cyber Coverage:

The ancestry of cyber coverage dates back about 20+ years. Earlier, technology companies bought errors and omissions (E&O) insurance, which over time, was extended to include things like a software product bringing down another company’s network, unauthorized access to a client system, destruction of data, or a virus impacting a customer. Spreading of computer virus was a big concern – you might remember the Love Bug Virus that swept the globe in 2000 in this regard.

Later during this period, the Network security policies expanded into the privacy space by providing clear coverage for breaches of confidential information. This got the attention of retailers and other companies holding considerable consumer data. The evolution has been important to where we are now because those exposures are prevailing today.

Cyber Coverage Today

Cyber coverage is generally a combination of Three components A) Event Management, b) Data protection Obligation and c) Liability

Event Management

• First Response:

- Covers the fees and expenses of Response Advisor in providing Legal Services.

- Covers IT, Specialist, in providing the First Response IT Services

- Covers Crisis Consultant, if its appointment is considered necessary by the Response Advisor or the Insurer

• Legal Services

Covers reasonable and necessary fees and expenses of the Response Advisor in providing the Legal Services in connection with a Breach of Personal Information, Security Failure or System Failure.

• IT Services

       Covers reasonable and necessary fees and expenses of the IT Specialist in connection with a   

       Security Failure or System Failure for the purpose of:

• Investigating a Security Failure or System Failure
• Including containing a denial of service attack;
• Removing any malicious software, computer code or virus from the Company’s Computer System and/or identifying any comprised Data
• Examining the Company’s Computer System to determine the remediation actions that are required in
• Order to comply with a Regulatory Notice

• Data Restoration

• Covers costs and expenses incurred by the Insured, with the Insurer’s prior written consent, resulting from a Security Failure or System Failure

• Reputational Protection

• Covers all reasonable and necessary fees and expenses for advice and support from a Crisis Consultant and any other independent advisors approved by the Insurer in advance of such appointment (including legal advice concerning media strategy and independent public relations services) in order to mitigate or prevent the potential adverse effect, or reputational damage, of a Newsworthy Event including the design and management of a communications strategy

• Notification Cost

• Covers reasonable and necessary fees, costs and expenses incurred by the Insured, including costs associated with setting up call centres in relation to the investigation, collation of information, preparation for and notification to Data Subjects and/or any relevant Regulator of any actual or suspected Breach of Personal Information or Breach of Corporate Information

• Credit and ID Monitoring

• All reasonable and necessary fees, costs and expenses incurred by the Insured, with the Insurer’s prior

written consent, for credit or identity theft monitoring services to identify possible misuse of any Personal Information as a result of an actual or suspected Breach of Personal Information; and/or the reasonable and necessary premium for any ID Theft Insurance. Such fees, costs and expenses (including premium) will only be paid by the Insurer for Data Subjects

• Network Interruption

• Reduction in net profit after waiting hours period as a result of a material interruption as well as increased costs of working

• Cyber Extortion

• Ransom Monies (amount paid to end an extortion threat)
• Fees and expenses of a cyber extortion advisor

Data Protection Obligations

• Data Protection Investigation

• All Defence Costs in respect of a Regulatory Investigation

• Data Protection Fines

• All Data Protection Fines that the Company is legally liable to pay in respect of a Regulatory Investigation

Liability

• Personal and Corporate Information

• All Damages and Defence Costs arising from any Claim against the Insured in respect of an actual or alleged Breach of Personal Information or Breach of Corporate Information by an Insured

• Security Failure

• All Damages and Defense Costs arising from a Claim by a Third Party against the Insured in respect of an actual or alleged Security Failure
• Failure to Notify
• All Damages and Defense Costs arising from any Claim against the Insured in respect of a failure by the Company to notify a Data Subject
• Information Holder Personal and Corporate Information
• All Damages and Defense Costs arising from a Claim by a Third Party against the Company for which the Company is alleged to be liable, and which results from any actual or alleged breach of duty by the Information Holder

Cyber Attack Impact Factors: A list of hidden losses under cyber liability

A Cyber Liability policy provides coverage for both first-party costs and third-party liabilities. First-party cyber insurance coverage applies to direct costs for responding to a privacy breach or security failure, and third-party cyber insurance coverage applies when people sue or make claims against the company.

Some common first-party costs when a security failure or data breach occurs include:

• Forensic investigation of the breach
• Legal advice to determine your notification and regulatory obligations
• Notification costs of communicating the breach
• Public relations expenses
• Loss of profits and extra expense during the time the network is down (business interruption)
• Common third-party costs include:
• Legal defense
• Settlements, damages and judgments related to the breach
• Cost of responding to regulatory inquiries
• Regulatory fines and penalties

What is not Covered?

Cyber Attack Impact Factors: A list of hidden losses under cyber liability

There are a few key items that are currently not covered under a Cyber Liability policy:

• Reputational harm
• Loss of future revenue
• Costs to improve and secure internal technology systems
• Lost value of own intellectual property

Conclusion

Data breaches and network security failures happen. According to a statistical report more than 91 million security events per year. Cyber risk is an emerging risk in the world. The ability to quantify cyber risk and make informed decisions about cyber risk appetite will often be the difference between success and failure for modern enterprises. Those who do so effectively will be better positioned to enable continued growth, those who do not will expose their organization to risks with potential implications. A robust cyber insurance policy can help businesses weather the storm more effectively when a data breach or network security failure occurs.At Gargash Insurance Services, we know how important it is to protect your company’s and your clients’ sensitive digital information. That’s why we offer insurance solutions for network security, privacy and cyber liability insurance — for both first and third parties — covering risks associated with internet business, networks and informational resources.

To know more about Business Insurance, please contact us here