A cyber insurance policy also referred to as cyber risk insurance or cyber liability insurance, is designed to help an organisation mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event. Cyber insurance has begun catching on in the Irish market since the General Data Protection Regulation (GDPR) came into force in May 2018. However, Thompson Insurances have been managing complex cyber insurance programmes since 2008.
The increased inquiries for cyber cover indicate that organisations are seeing a need for cyber insurance, but what does it cover? Cyber insurance typically covers your own costs/ expenses arising from a cyber breach as well as claims by third parties. Although there is no standard for underwriting these policies, an insurer will need a company to demonstrate good IT security. Some of the expenses your cyber insurance policy can be expected to respond to include:
Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement.
Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law under GDPR, and credit monitoring for customers whose information was or may have been breached.
Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. The jury is still out on whether regulatory fines are insurable but many cyber insurance policies provide the cover with the proviso “where legally allowable to do so”. This may also include the costs of cyber extortion, such as from ransomware.
Keep in mind that cyber insurance is still evolving. Cyber risks change frequently and organisations tend not to report the full impact of breaches in order to avoid negative publicity and damage the trust of customers. Thus, underwriters have limited data on which to determine the financial impact of attacks. Essentially, the true risk of cyber attacks is not completely understood.
Thompson Insurances are well placed to source competitive pricing and, perhaps more importantly, the most enhanced cover specification available in the market.