Today's criminal no longer needs a crowbar when a keyboard suffices and delivers better results. Once your company utilizes a computer network in its operation, collects or stores confidential information, intellectual property, or facilitates electronic payments and transfers, you are exposed to Cyber Risk.
Cyber risks are rapidly evolving, gaining media prominence, and it is just a matter of “when” your business will be impacted. Small and medium sized businesses (SMEs) think that it is just the high profile targets, whether Target or Home Depot, being attacked. We scoff as private photos of celebrities are leaked and say to ourselves that these are prominent figures and this won’t happen to me. However 72% of attacks recorded occur on SMEs with an average cost of $300,000 per attack. Cyber attacks on Barbadian business are happening right now and some recent cases have included:
Further SMEs are less likely to have the resources to put effective cyber defenses in place and are also less likely to be able to absorb the financial impact of such crimes. As we become more reliant on technology to drive operations we need to look to business resilience in the face of these new threats. We look to our security systems and our insurance coverage as our final fail safe. However, as inadequate as your firewall and antivirus will likely prove to be, there are equally as many gaps in your insurance programme.
Internet and network exposures are increasingly subject to exclusion from "traditional" insurance policies. The reason being is that general liability and property policies were originally designed to respond to liabilities and natural perils that damage physical assets. Some examples of gaps in traditional policy forms include:
With new threats emerging daily the insurance market’s capacity for cyber risk and scope of coverage terms is evolving.
Since starting to write this article JP Morgan was breached in the largest attack thus far which affected data of 76 million households and 7 million small business customers. Insurers are also reacting to the threat from ShellShock a 22 year old exploit bug which may threaten at least half of the systems running on the internet. Many industries running the affected Bash software include Nuclear, Oil, Utilities, Marine Transport and more.
The possible catastrophic risk exposure and aggregation of losses has insurers debating cyber exclusions or other limitations to their exposure. The future outlook for you, as you try to source the coverage, is that property and liability policies will be tailored to cover their original intent, and cyber risks will be more specifically underwritten and covered under specialty Cyber Insurance policies.
The desired outcome is to reduce your cyber risk and reduce the possibility of a breach or interruption to your business in the first place. You need to protect yourself should the worst occur.
Insurance terms are then negotiated for the limit of risk you cannot bear without exposing your company. Undertake an insurance wording gap analysis of your current insurance programme. The preference will be to extend the existing insurance programme to cover the cyber risks you have identified where this is cost effective.
However, as noted previously many insurers are restricting the amount of cyber cover under the traditional property and liability wordings. In such an instance a tailored cyber insurance policy may be your only course of action. Underwriters need to assess the results of your cyber risk assessment and any remaining gaps may directly impact on premium charged. Your risk advisor (broker) can then negotiate terms with underwriters for a comprehensive cyber privacy and network protection insurance policy which spans a broad spectrum of coverage types.
The cyber insurance policy typically includes: business interruption coverage; privacy and security liability; crisis and ‘event’ management costs; information assets and cyber extortion. Any policy cover negotiated should include coverage on a worldwide basis and provide for remediation services in the event of a cyber breach allowing for your rapid and robust response to any form of cyber intrusion whilst minimizing business impact.
Contact us to request our Cyber Risk Self Assessment – 246-426-5062 or firstname.lastname@example.org
Stay up to date on Cyber Risk issues will our Online Toolkit:
Do you want to learn more about how cyber risks can threaten your business? Our experts guide you on our webcast: