Insurance Article, The Insurance Times 2022, The Insurance Times August 2022

Cyber Insurance

Look around today’s world, and you’ll see that daily life is more dependent on technology than ever before, benefits ranging from instant access to information on the Internet to the modern conveniences provided by smart home automation technology and concepts like the Internet of Things.

There is so much good coming from technology that it can be hard to believe that potential threats lurk behind every device and platform. Despite the world wide idealistic perception of modern advances, cyber security threats presented by modern tech are a real danger.

A steady rise in cyber crime highlights the flaws in devices and services we have come to depend on. This concern forces us to ask what cyber security & Cyber Insurance are &why are they essential.

Cyber – This one word is enough to open thousand tabs in your mind& none, any clear. Today we will boil it down to few.. & crystal clear.Cyber is simply things related to or involving computer or computer networks.

Cyber-attacks or Cyber Crimes are attempts by hackers to damage or destroy a computer network or system leading to unauthorized accessing, changing, or destroying sensitive information, theft of or damage to hardware/software, interruption of normal business processes& even extortion of money.

Some common cyber threats are Cyber terrorism, Malware, Trojans, Botnets, Adware, SQL injection, Phishing, Man-in-the-middle attack, Denial of Service, etc.

Thirty years of history have shown us that cyber risk is difficult to understand, problematic to hedge, only likely to grow, and characterized by a continually changing threat environment. Tomorrow’s cyber attacks may not look much like today’s — as evidenced by 2020’s spate of ransomware compared to the breaches of 2015 to 2017.

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from cyber-attacks.

Some of the best practices include:

  • Using two-way authentication
  • Securing passwords
  • Installing regular updates
  • Running antivirus software
  • Using firewalls to disable unwanted services
  • Avoiding phishing scams
  • Employing cryptography, or encryption
  • Securing domain name servers, or DNS

Cyber Insurance pays for your losses when your security has failed to deter attacks & you have suffered financial damages. It also covers your business’ liability for a data breach.

Cyber Insurance typically pays for

  • first-party losses (e.g. business interruption, restoration, and crisis communications) and
  • third-party losses, (e.g. data breaches, network interruption, and notification expenses

However, cyber insurance offers much more than just compensation for losses. It also provides valuable prevention and incident response services through the Insurer’s global partner network. These help companies to improve their cyber resilience and mitigate negative impacts after an incident. These services include 24/7 access to IT forensic experts or legal or crisis communications support.

Cyber Insurance is important because:

  • We live in a digital world & there are more devices than people- These days, most of the gadget works on the wireless network, and people are more engaging in such network system. No doubt, it makes the overall process easy and contributes to making our life better. But the user ignores the other side of this – that is the cyber security concern.
  • Attackers are becoming more innovative – Cyber attacks are no longer stopped by antivirus software or firewalls. The risk of cyber attacks is constantly increasing and for companies and institutions it is no longer a question of “if” it will happen but rather “when”. There are only 2 types of companies – those that have been hacked, and those that will be.
  • In today’s high-tech world, data is everywhere. Data is the new oil, and every piece of data has value. We all rely on the safety of our data and personal information. Adata breach exposes confidential, sensitive, or protected information to an unauthorized person leading to expensive legal battles.In the words of Bruce Schneier, Data is the pollution problem of the Information Age & Protecting Privacy is the environmental challenge.
  • Pandemic, cryptocurrency, and the rise in remote working are coming together to create a target-rich environment for criminals to take advantage of.

Sectors such as health and finance are likely to find that cyber insurance policies cost more due to the sensitive nature of the fields, they operate in. And it’s not just large organizations that are susceptible to being hacked or getting a virus. Most smaller companies lack adequate cyber security, making them a tempting target for cyber crimes such as malware, ransomware, distributed denial-of-service (DDoS) attacks,etc. Cyber attacks and data breaches are time-consuming and growing more so. The typical length of time it takes to discover and address a breach is 280 days. A cyber attack isn’t merely an annoyance – it may put your company out of operation.

Cyber liability insurance, also referred to as cyber risk insurance or cyber security insurance, makes it much easier to address cyber attacks without going under financially. It can cover for incident response, involving a panel of security forensic experts, lawyers, PR agencies. Legal fees also add up quickly when cyber criminals are involved, sometimes reaching into the millions of dollars. Many cyber incidents require notification to affected individuals and/or regulatory authorities, which can take time and incur fines or other penalties if done incorrectly. It can also help in covering business interruption losses. The insurance further aidsin restoring personal identities of affected customers. Credit monitoring expenses are often in the thousands of dollars for each individual client whose data has been compromised. It helps in recovering compromised data& repairing damaged computer systems.

Cyber Insurance can be personalized depending on the current business security status& the specific risks the business has.

However, cyber security defense cannot be replaced with cyber insurance. Insurance should complement cyber security technology as part of an overall cyber risk management plan. Cyber risk insurers analyze the strength of a company’s cyber security posture before issuing any policy. Strong security postures allow for better coverage and, in some cases, access to enhancement coverages. Fragmented enterprise security approaches can make it difficult for insurers to fully understand an organization’s security posture. The whole insurance industry is moving away from being a lender of last resort and payouts, to more like a risk advisor and a partner for your business operations.

Insurance is after all a contract and when it comes to a legal binding contract – Language matters. The definitions, warranties, conditions precedent, exclusions, carve backs are all to be read carefully.

Some losses specifically not covered in cyber insurance policies are –

  • preexisting or prior breaches or cyber events, such as incidents that occurred before the policy was purchased;
  • cyber events initiated and caused by employees or insiders;
  • infrastructure failures not caused by a purposeful cyber attack;
  • failure to correct a known vulnerability, such as a company that knows that a vulnerability exists, fails to address it and is then compromised from that vulnerability;
  • the cost to improve technology systems, including security hardening in systems or applications.
  • The financial damage caused by loss of intellectual property.
  • Reputational costs that can be incurred following a cyber attack.
  • Losses generated by attacks classed as an “act of war”.

The problem that most companies face is in determining how much cyber insurance they need. They are yet to figure out both their exposure and their buying appetites.Some of them still look at cyber insurance as a luxury.

For companies looking to bring more cyber insurance into their risk management practices — or buy for the first time — a bit of planning is necessary. To build up enough cyber insurance, early purchases of smaller amounts with increases over time can help.

Cyber risks will persist and evolve, and companies will need to manage that risk, including securing insurance protection. Remember, there is no such thing as absolute security &one single vulnerability is all an attacker needs.

Leave a Reply

Your email address will not be published.