Cyber Insurance History
Cyber Insurance is one of the emerging products in the insurance market which has had rapid growth over the last 2-3 years. Until recently it was a low volume product, underdeveloped in comparison to the myriad of cyber risks facing businesses and expensive to purchase.
Due to heightened demand and appetite from SME’s, the premiums have reduced and the cover has expanded to include other typical cyber related risks such as online business interruption and other liability driven coverages to make it a more appealing proposition for small to medium businesses.
High profile cases and increased media coverage over the last couple of years have caused a significantly higher corporate awareness of the risks involved when operating with the aid of modern technology. With the Australian Bureau of Statistics being the latest publicly highlighted incident to draw attention to the cyber related risks, the appetite for Cyber cover has increased amongst corporate, SME and small business clients across all types of industries.
Misconceptions about Cyber Insurance
Many businesses integrate seamlessly with modern technology with production lines found in any manufacturing business changing almost unrecognisably over recent years. Reliance on digital assistance is become undeniable and whilst doing so, it is important not to be naïve to the risks associated with it. Computers help achieve efficiency and accuracy and although this creates streamlined processes and increased productivity, it is vital to acknowledge that relying solely on anything leaves you extremely vulnerable.
Your business may not operate an online store, or you may not have complex computer systems and networks but whilst you mightn’t consider yourself a technologically advanced company, what is certain is you use computers to communicate, coordinate, produce your products and to generate business. Without the tools to do this, your business stops like any other business would.
Understanding the Fundamentals of Cover
To understand the essence of Cyber Insurance and to differentiate the scope of cover that can be provided within the varying policies within the market, it is best to simplify the policy by separating the coverage into four main sections.
The policies available within the Australian market can differ substantially. Levels of cover, included benefits, exclusions and conditions that apply can overwhelmingly restrict the cover so it is important we discuss your specific risks and exposures to ensure the policy selected provides the elements of cover required.
Sections that are typically included within a stand-alone Cyber Insurance policy are as follows:
First Party Loss:
First Party cover refers to expenses incurred to reinstate your own property. Examples of this type of loss in a cyber insurance policy would include the cost to eliminate malicious software contained on your systems and re-secure your compromised data.
Third Party Liabilities:
Third party liabilities arise when you are found liable for loss incurred by third parties. For example, where a third party has suffered a financial loss due to you facilitating or infecting their system with a harmful or malicious virus.
Online Business Interruption:
As the name suggests, this cover relates to interruption to any online operations you might have. As an example, your website (despite any safeguards or risk management processes you may have in place to defend yourselves) may suffer a DOS (Denial of Service) attack which disables your website and any accompanying online systems and transactional platforms. This in turn would temporarily restrict your ability to derive normal online income.
Costs and Expenses:
Cost and expenses can be incurred in a wide number of circumstances, but is generally associated with privacy breaches and the related costs of notification to the impacted third parties. As an example, if you suffered a breach of your computer network and it is identified that third party personal details have been compromised (or even potentially compromised) there are a range of costs that are associated with complying to legislative requirements under Privacy Law. Notifications can come at a high cost depending on the volume of third party information you hold and may be financially crippling to your business if it isn’t handled appropriately.
Time Critical Response Times
In a situation where you discover a breach of your systems or potential cyber related issue, the response time of your insurer is critical in ensuring you minimise the impact and severity of the issue.
The options within the market usually all include a 24/7 claims service as an additional benefit allowing you to report and manage situations in conjunction with the insurer on the spot.
Cyber Insurance and its relationship with the CMIB ISR and Liability policies
It is important to understand the general relationship this product has with your existing CMIB property and liability policies.
Generally speaking, your property cover insured under the ISR policy only provides cover for loss of data on your own physical assets strictly when that loss of data is a result of an insurable event under the policy. (Such events include theft or physical loss or damage from an insured peril like fire, storm etc.). Further, your public and products liability policy contains a general “loss of data” exclusion, which overarchingly excludes any liabilities associated with the use of the internet, software or hardware.
With these two policies aimed at providing material damage cover to your assets and liabilities to third parties arising from an injury or property damage, there is no provision to allow for Cyber related incidents.
To bridge these existing gaps an additional Cyber Insurance policy may protect you from many of these uninsured perils. Depending on the extent of the Cyber policy it can allow for protection for a wide range of cyber related incidents and liabilities.
Cyber Insurance Options
Various policies are available within the market providing significantly different levels of cover.
The two most common options are an extension to an existing policy and a standalone Cyber policy. The difference between the two is often significant and it can be a dangerous assumption that all Cyber policies are equal.
The Cyber extensions available are usually restricted to third party liability coverage only. These extensions are usually limited to only specified events and/or overarchingly restricted by the use of definitions and doesn’t provide the breadth of cover required to provide comprehensive protection against the different cyber risks.
Importantly, other key risks that don’t generally form part of an extension include first party losses (as defined above). Costs and Expenses associated with the reinstatement of computer systems, software and networks can be time consuming and costly to any business. In addition to the time it takes to have your computer systems performing at capacity again, the consequential losses of gross profit alone can be a major contributing factor to the severity of a cyber event. These expenses are typically provided under a stand-alone Cyber policy and can be tailored to suit your specific needs.
The Cyber Insurance market has grown exponentially over the last 2 years with over 15 different insurers and underwriting agencies offering Cyber products within Australia. Pricing and appetite varies between the different providers, but very generally speaking costs start between $750 – $1,500 annually and increases proportionately subject to the insurers underwriting criteria.
For more information or if you are interested in having us discuss your own specific needs in further detail, please feel free to contact us.