Cyber insurance is designed to help an organisation mitigate risk exposure by offsetting the costs involved with recovery after a cyber-related security breach or similar event. Cyber insurance, or cyber liability cover, has been available for many years, but with increased digital reliance it has fast become a requirement for many business continuity plans.

COMMON INCIDENTS

– Malicious emails accidentally opened by staff
– Lost or stolen portable devices with confidential information, resulting in a privacy breach or system access
– Extortion by criminals holding private information
– Manipulation and impairment of critical data by current or former employees

WHAT DOES IT COVER?

Forensic Investigation

A forensic IT investigation is necessary to determine what occurred, how to repair the damage and how to prevent the same type of breach from recurring. Investigation may involve services from a third-party security firm, law enforcement or the Australian Federal Police.

Business Interruption

The business may be unable to continue trading and suffer interruption costs due to network security failure or attack, programming errors or human errors. Loss of profits and costs incurred to continue business as usual are typically covered under a cyber insurance policy.

Please note that a traditional business interruption insurance policy would exclude a cyber event, which reinforces the importance of a stand-alone cyber insurance policy.

Legal & Public Relations

Cyber insurance policies will cover legal defence costs due to a privacy breach, reputational damage and public relations expenses to assist an organisation's public image after a breach.

Mandatory breach notification laws are being passed in Australia at the time of writing, which will require all privacy breaches to be reported and communicated to clients. The effect of mandatory breach laws has been seen in the United States, with multiple class action lawsuits against small and large organisations.

Extortion & Blackmail Costs

This covers ransomware and extortion costs arising from demands by criminal organisations and disgruntled employees for the release or protection of private information.

CONCLUSION

Regardless of staff size, turnover or industry, all businesses have a possible exposure from the ever-increasing reliance on information technology. According to most reports, a breach is only a matter of time rather than a matter of being secure or not.

Arranging an insurance policy, educating employees and instituting solid security processes will be key to mitigating this risk.