
For a start, it’s comprehensive. The fallout from a cyber attack can last long after the incident itself, so it pays to make sure your business is adequately covered. Here are the key features to look for in a cyber insurance policy.
The key traits of a comprehensive cyber insurance policy
A cyber policy should be able to respond to a range of cyber events, such as unauthorised access, ransomware and denial of service attacks. The best cyber insurance policies should include first party and third party cover.
Not all policies are the same
Just as health insurance policies differ in their cover, so do cyber policies. When choosing cyber insurance, it is important to consider the industry you are operating in. The health industry, for example, has the highest cost per lost or stolen record, so companies in this field should take this into consideration when selecting their policy.
It’s also important to note that technology is advancing at a speed that is difficult for some insurance companies to keep up with. As a business, it could mean that you may not be covered for the most recent threats and developments, so it pays to check the credentials of your insurance provider too.
Read more: FAQ guide to common cyber insurance questions
First party cover
Your first party cover should include cover to help you manage the cyber incident itself as well as any direct financial loss your business may experience as a result.
Key features to look for:
- Notification management: internal and external (stakeholders and clients) should be notified ASAP, which can cost.
- Incident response team/consultancy: which may involve IT forensics and services and legal consultation, and crisis management.
- Loss of profit/income cover: this can include business interruption
- Public Relations Costs: which can include reputational damage
- Lost Data Costs
- Defence Costs
Why these features?
- The quicker you identify a breach, the less damage and cost it will cause.
- While there are no legal repercussions in New Zealand for not notifying the customer, the reputation damages for failing to do so can be severe.
Third party cover
Cyber liability insurance, or third party cover, will help cover the damages other people experience as a result of a cyber attack on your business. This could be at the time of the incident or years down the track.
Key features to look for:
- Compensation claims and settlement costs: such as a breach that becomes an issue for third parties down the track.
- Legal and investigation costs: covers any legal damages you may have to pay and the cost of defence in the event of an investigation by regulatory bodies.
- Privacy breach damages: covers the damages third party individuals experience as a result of personal information being lost or stolen.
- Intellectual property (IP) defence and damage: in the event that IP is lost or stolen from a third party.
Why these features?
- Surviving the cyber attack is just part of the risk to your business. The other half is the fallout as a result—and this can last years. From our knowledge of New Zealand’s insurance landscape, many businesses (as high as 60 per cent) cease trading within six months of a cyber attack.
- Defending your business against an investigation is a costly exercise.
- If you are found guilty in a legal case, you will have third party damages to pay on top of the direct damages incident caused to your business.
“Legal and investigation costs in a cyber claim can mount up quickly and become substantial, which is why this benefit is key in any cyber policy,” says Claire Holt, Senior Broker at BRAVEday. “The ability to call in IT professionals early in any cyber event to minimise and mitigate damage is crucial.”
What am I already covered for?
While there is some overlap between business insurance, liability insurance and crime insurance, cyber insurance is the only cover you can get that will tick all the boxes when it comes to online security and crisis management.
|
Business insurance | Liability insurance (general) | Crime insurance | Cyber insurance |
FIRST PARTY COVER | ||||
Network interruption | No | Yes | ||
Cyber extortion | Sometimes | Yes | ||
Data recovery/restoration | Yes | |||
Employee sabotage of data | Sometimes | Yes | ||
Virus/hacker damage to data | Yes | |||
Denial of service attack | Yes | |||
Physical data | Sometimes | Sometimes | ||
Reputational loss | Sometimes | Yes | ||
THIRD PARTY COVER | ||||
Unauthorised access of personal information | Sometimes | Yes | ||
Unauthorised access of business information | Yes | |||
Media content (e.g. distributed content that amounts to piracy, slander, theft of ideas, or invasion of privacy). | Sometimes | Yes | ||
Contamination of third party data | Sometimes | Yes | ||
Third party denial of service/access to data | Sometimes | Yes | ||
Corrupted, destroyed or modified data | Yes | |||
Physical theft of hardware | Sometimes | Yes | ||
Legal costs (advice and representation in the event of an investigation) | Sometimes | Yes | ||
Repair of other company reputation (e.g. PR costs) | Sometimes | Sometimes | ||
Notification costs | Sometimes | Yes | ||
Monitoring costs | Sometimes | Yes | ||
Fines | Sometimes | Yes |
[Source: AIG]
Are the doors of your business open to cyber criminals? Download our cyber security risk assessment checklist to make sure you're covered on all fronts.