What do I need to know about Cyber Insurance? FAQs

What is Cyber Insurance and why do I need it?

In broad terms, a robust Cyber Insurance policy that is also known as Cyber Risk Insurance policy or Cyber Liability Insurance policy encompasses three key areas:

1. 1^st Party – direct losses arising from a data breach or hack, including theft, extortion, business interruption and system repair work
2. 3^rd Party – claims for compensation, fines or penalties payable to customers and regulators
3. Crisis management costs – Complimentary access to expert consultants to provide support in relation to forensic analysis, legal advice and public relations etc

In addition to protecting direct financial costs arising from a data breach or hack, a comprehensive policy will also offer professional support in relation to the subsequent post-loss clean up (which, in itself, could otherwise be extremely expensive).

What are the risks associated with not having Cyber Insurance Cover?

Predicting the potential costs or implications of a Cyber attack are something of a ‘piece of string’ scenario. A serious breach could result in a catastrophic disruption to a business’s ability to function and trade, not to mention the associated time, expense (and potential embarrassment) of notifying customers and other stakeholders that their data held by you may have been breached. Equally, a denial of service attack (ransomware or the like) may necessitate a time consuming and expensive overhaul of a business’s entire IT infrastructure.

Potential reputational damage is also a very real risk, but extremely difficult to quantify. The true consequences may not become fully apparent until much later.

Aside from the immediate, tangible impact of a data breach, it is easy to overlook the importance of having prompt access to expert advice and professional support in the immediate aftermath of a serious cyber breach or attack being detected. In the event of a fire at your premises you would naturally call the fire brigade. In the event of a break-in; the Police. A serious cyber breach could be equally, if not more, devastating as a fire or break-in, but who would you call for emergency support and how quickly can their support be accessed?

Robust Cyber Risk Insurance policies will provide complimentary access to a wealth of expertise to help manage the immediate emergency, including 24/7 access to cyber security consultants, legal support, and cyber forensic investigators, as well as the aftermath, including public relations consultants and forensic accountants to quantify losses etc.

Without Cyber Insurance a business will be left to manage the emergency in-house, potentially without ready access to essential professional support, in a situation that most people will have little or no previous experience of.

What happens if I need to make a claim?

When a business is the victim of a cyber breach or attack, a speedy response is of the essence as it can quickly become a case of damage limitation.

As touched upon above, a key feature of a robust Cyber Insurance policy is the manner in which the policy is structured to respond and provide efficient and effective professional support in the event of a breach or attack.

At Fairweather Insurance we are acutely aware that a claim situation can be one of the few occasions where a customer’s insurance policy can become of tangible benefit. In many cases, a claim will be the result of a serious or distressing event. Accordingly, we recognise the importance of supporting our clients when a loss or incident occurs and doing all we can to help manage claims in a prompt and efficient fashion. To this end, we have a dedicated Claims Team  whose sole focus is to support our clients during the process and manage claims through to their conclusion.

How do I arrange cover?

Whilst ‘off-the-shelf’ products are available online they may not adequately address the risks specific to an individual business and it is a good idea to seek professional advice.

For example, some businesses may retain a high volume of personal customer data, whilst others may hold less personal data but retain highly sensitive or confidential information.  Some businesses are almost exclusively reliant on their website to generate sales, whilst for others, their website is more for name awareness.  In most cases the IT system will be integral to the operation of the business so, if it is breached or compromised in some way in a cyber attack, the business will inevitably suffer some form of disruption or cost. One business may therefore require a different type of Cyber Insurance from the next.

For these reasons, we recommend you seek professional advice… and speak to Fairweather Insurance. One of our knowledgeable and friendly team would be delighted to discuss your requirements with you regardless of how complex or small they are.