According to a government report,* almost 40% of UK businesses reported having cybersecurity breaches or attacks. Many small businesses may feel it is no longer a question of if they might suffer a breach, but when.
What is Cyber Liability Insurance?
If a company’s IT security is found to be inadequate and a breach occurs, the penalties can be high. Cyber liability insurance provides cover for a business for specific liabilities arising out of cyberattacks such as hacking, unintentionally transmitting a computer virus or the failure to properly manage and control personal information. Under the General Data Protection Regulation that came into force in May 2018, you are required to notify your customers of a cybersecurity breach and could be fined up to 4% of your annual turnover.**
In addition to potentially substantial fines, it can also lead to a damaged reputation, legal costs, and associated business disruption and lost revenue. Will your customers trust you after a security breach?
Cyber cover and why you may need it
Cyber liability has become headline news following a number of high-profile hacking cases which has led to a greater awareness of the risks and need for cover, but it’s not just the large corporates who are at risk. As a managing agent, you are likely to hold a lot of personal and sensitive data concerning your customers. The increasing use of online portals could give hackers access to sensitive information held about individual customer accounts. You can find out more about personal and sensitive data on the Information Commissioner’s Office website www.ico.org.uk
Gallagher works with well-known insurers who offer comprehensive cyber insurance. This is designed to cover you against financial losses and third-party liabilities up to the limits chosen arising from cyberattacks.
Your business is at risk if you:
Are reliant on computer systems to conduct your business
Have portals on your website
Hold sensitive customer data electronically
Have a transactional website
Are subject to Payment Card Industry (PCI) merchant and service agreements
Cyber Liability Insurance covers*:
Liability arising out of media exposure as a result of hacking. For example defamation, libel and infringement of intellectual property rights
The costs incurred, and which cannot be recouped, as a result of a third party benefitting from a data breach
Liability arising from the failure to properly handle, manage, store, destroy or otherwise control personally identifiable information
The costs to withdraw or alter data or images, or other website content as a result of a court order or to mitigate a claim
Liability arising out of the unintentional transmission of a computer virus
The costs to recover your computer system records that have been lost, damaged or deleted
Liability arising out of a hacker’s fraudulent use of information
Compensation costs arising as a result of directors, partners and employees attending court in connection with a covered claim
Legal defence costs
Cover options available and their benefits*:
A forensic consultant to establish the identity or methods of the hacker, or any other details required by the insurer following a data breach
A security specialist to assess your electronic security and reasonable costs to improve them
The temporary storage of your electronic data at a third party location, if your information and communication assets remain at risk from a hacker
Information and communication recovery costs
The costs to repair, restore or replace affected parts of your information and IT hardware and software, after they’ve been stolen, destroyed or affected by a hacker
Payment for credit monitoring services in order to comply with data breach law
Data breach notification costs
Costs to inform your customers and anyone affected that a data breach has occurred
Legal fees incurred to develop notification communications for the affected parties
The costs to send and administer notification communications
The costs of call centre services to respond to enquiries and queries following a notification communication
Regulatory defence and penalty costs
Payment for any compensation which you are legally obliged to pay (including legal and defence costs)
Cyber business interruption cover
Payment for loss of income as a result of total or partial interruption of communication assets caused by data security breaches, computer viruses and attacks
Payment for reasonable and necessary expenses incurred, including the value of any ransom paid by the insured, for the purpose of terminating a cyber-extortion threat
Cover applies to hardware while it is temporarily removed from the insured location
You can also choose to cover portable hardware anywhere in the world
The cost to remove viruses and for specialist advice to prevent viruses or hacking attacks following an incident
If you openly demonstrate weakness in your approach to cybersecurity by failing to do the basics, you may put yourself at risk of a cyberattack.
Every organisation is a potential victim
All organisations have something of value that is worth something to others.
As part of your risk management process, you should be assessing whether you are likely to be the victim of a targeted or untargeted attack. Every organisation connected to the internet should assume they could be a victim of the latter.
Either way, you should implement basic security controls consistently across your organisation, and where you may be specifically targeted, ensure you have a more in-depth, holistic approach to cybersecurity.
Where to go for more help
If you have any doubts or concerns over your cybersecurity or you suspect you might be a victim of cybercrime contact www.actionfraud.police.uk or call the Action Fraud team on 0300 123 2040. Action Fraud is the UK’s national fraud and cybercrime reporting centre and provides advice on fraud and cybercrime.
To report a nonurgent crime please call your local police on 101. You can also report crime anonymously by calling 0800 555 111. If you are reporting a crime that is in progress or if someone is in immediate danger call 999.
National Crime Agency (NCA) general enquiries
For general enquiries or to verify a person as an NCA officer: Email: email@example.com Telephone: 0370 496 7622 (available 24/7)
The most common types of cyber threats are: Hacking—including social media and email passwords Phishing—bogus emails asking for security information and personal details Malicious software—including ransomware through which criminals hijack files and hold them to ransom Distributed denial of service (DDOS) attacks against websites—often accompanied by extortion
*A broad range of cyber cover protection is offered and specialist advice at a time convenient to you. As with all insurance policies, the policy is subject to limits, conditions and exclusions. For full terms and conditions, please refer to the policy wording available on request. This document does not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Gallagher cannot be held liable for any errors, omissions or inaccuracies contained within the document. Readers are always recommended to take further professional advice before making any decisions.