Cyber Insurance

[stressedbob]

Hello all!

We are looking at Cyber Insurance, we have not previously had this in the business so not familiar with it.

Does anyone know much about it and any pitfalls or recommendations?

We do have an online shop so feel our exposure is high enough to make this a necessity, also based on the increasing number of cyber attacks on companies even without an online presence!

Any input appreciated!

 

[DEBS Ltd]

Hello all!

We are looking at Cyber Insurance, we have not previously had this in the business so not familiar with it.

Does anyone know much about it and any pitfalls or recommendations?

We do have an online shop so feel our exposure is high enough to make this a necessity, also based on the increasing number of cyber attacks on companies even without an online presence!

Any input appreciated!

What is it you specifically want to know?

Generally it covers for:

Pre/post incident support
Security/privacy breach costs
Extortion
Damage to digital assets
Business interruption (consequential loss)
Liabilities arising around this.

Be aware most insurers have tight requirements these days. Things like MFA are expected, and possibly more.

Go to a broker, preferably one who specialises in 'financial lines' type business (professional indemnity, directors and officers etc type) as it's still a class that's not even widely understood by some in the insurance industry.

It's also getting more expensive all the time.

Some brokers also have specialist teams who can manage your risk, specific tech people and not insurance ones, all at a high cost of course, although it may be worth it if anything ever happens.

 

[fisicx]

A lot of companies have discovered their cyberinsurance is worthless after investigations showed the breach was preventable. Eg: not clicking on a dodgy link in a email or patching a known vulnerability.

And even having the insurance doesn’t mean you would be able to recover any data if it’s been encrypted.

 

[Frank the Insurance guy]

@DEBS Ltd beat me to it.

This has been a real hot potato in the insurance industry over the last couple of years, with premium increases, terms and conditions getting tighter etc.

As an e-commerce business you are reliant on your online shop.

Couple of key things:
1. As @DEBS Ltd said - Multi Factor Authentication is a must. This would be for all access to your it network.
2. Are you relying on IT Providers for services - What measures are they taking to minimise the risk of a cyber event - do they have their own Cyber Insurance & Professional Indemnity Insurance

You need to speak to an independent insurance broker, who can provide a quote based on your specific circumstances.

Feel free to contact me if you would like a chat.

 

[Frank the Insurance guy]

A lot of companies have discovered their cyberinsurance is worthless after investigations showed the breach was preventable. Eg: not clicking on a dodgy link in a email or patching a known vulnerability.

And even having the insurance doesn’t mean you would be able to recover any data if it’s been encrypted.

The biggest risk of a cyber event is the "human error" where someone is clicking something they shouldn't - all cyber policies will cover this "human" aspect, however as a business you will have to have certain safety criteria in place - this varies between insurers, so need to check your policy carefully.

As @fisicx says, you may never get your data back, which is why you should consider included Business Interruption cover, for loss of revenue caused by the cyber event.

 

[MrStar]

I personally had a client around 4 years ago who had a £10m+ claim against their cyber insurance. I'd say it's a bit of a must have. The client was a large Insurance Broker by the way.