Cyber Risk Insurance
Also see Austbrokers SPT website Cyber Insurance – SPT Insurance | Austbrokers and refer to Jo Ross re Cyber Facility.
When considering insurance for a business, most people naturally think of the company's tangible assets, but what about its valuable non-tangible assets?
Almost every business, big and small, handles some form of important data which could be compromised by a cyber incident. This can include sensitive personal information collected from customers or clients, details about staff, crucial information about the business such as budgets, sales data, marketing plans and supplier details, or credit card and bank account details.
If a business stores any of these forms of information electronically or has a website or an online presence, that business may be at risk of becoming a victim of a cyber-attack or data breach. An attack on a business could be a costly experience, with the potential to jeopardise intellectual property, cause reputational harm and put the company permanently out of business.
What is cyber insurance?
Cyber insurance is designed to support the business in the event of a cyber-attack or incident resulting in a security or privacy breach, by paying for the significant costs incurred in investigating the incident, taking corrective action and restoring the business to normal trading conditions – effectively protecting the profitability of the business.
Cyber insurance also protects the business against claims from third parties, such as clients suing for breach of privacy or action taken by certain regulators such as the Office of the Australian Information Commissioner (OAIC).
It can prove a vital component in a business owner’s risk management toolkit.
What is included in a cyber insurance policy?
First Party Costs – covers the costs associated with responding to a cyber incident including:
- IT forensic costs
- data recovery costs
- legal representation expenses
- notification and public relations costs
- cyber extortion costs including ransom demands
Third Party Losses Cover – covers liabilities to third parties following a cyber incident including:
- claims for compensation
- legal defence costs
- costs arising from investigations by a government regulator
- fines and penalties for breaching the Privacy Act
Business Interruption – covers lost profits as a direct result of a cyber incident and may include:
- loss of income
- business expenses
- increased cost of operating your business
Cyber insurance claims examples
Hackers gained access to the personal information of a retail company's customers and took over its website, which was defaced and made to include a link to a competing retailer's website.
$800,000 was paid for loss of income, cost to repair the website, defence costs for regulatory actions by the Commissioner and costs of notifying the affected individuals including providing credit monitoring services.
A law firm's server and client records were locked by ransomware. The firm was only able to get the files released after paying a ransom of $100,000 to hackers.
$275,000 was paid from the Cyber Policy for the loss of income, the ransom demand, including consultants' costs to advise on handling and negotiating the ransom, and the costs to restore the network, as the hackers refused to release the files despite ransom payment.
Denial of Service Attack
A charity was targeted with a denial-of-service attack (which floods a targeted system with incoming web traffic until it is virtually crippled) in the last few days of a fundraising campaign. People were unable to make donations for a day while the website was being fixed.
$1,500,000 was paid for the lost donations and rectifying the damage to the charity's website.
A travel agency experienced three separate data breaches over a three-year period in which hackers gained access to the company’s computer system. Over 250,000 individuals’ credit card information and passport details were compromised.
$1,750,000 was paid from the Cyber Policy for the forensic and legal costs in defending the investigation brought by the regulator and the cost of notifying the affected individuals, including providing credit monitoring services.
An accountancy firm’s employee accidentally misplaced a company laptop that contained details of 1,000 client tax records and credit card details.
The Cyber Policy paid out $250,000 to cover the costs incurred in notifying the affected individuals as well as the Commissioner of the breach. The cost of hiring a public relations firm to assist with re-building their business reputation was also included.
The information contained in this fact sheet is meant as a hypothetical guide only. Austbrokers SPT Pty Ltd does not accept any liability arising out of any reliance on the information contained in this fact sheet.