Sceptical about cyber insurance and its role in your risk management plan? You’re not alone – until you get attacked. When the very survival of your business is under threat, cyber insurance gives you someone to turn to.
What is a cyber-attack?
Cyber-attacks are illegal attempts to access an organisation's data or to disrupt their operations for criminal purposes, espionage, politics or simply for mischief. Millions of attacks are launched at firms every day: some actually succeed in breaching these companies’ defences and wreak havoc.
An increasingly popular form of attack uses emails that appear to be from a known colleague, to trick people into installing malicious software – it’s an easy mistake that can lead to your business being locked down, losing money and held to ransom.
A growing number of breaches come from (often disgruntled) employees with insider knowledge.
What does cyber insurance cover?
Cyber insurance means Howden is right by your side - before, during and after your incident.
The standout benefits of cyber insurance are access to highly experienced experts to nullify the threat as quickly as possible and help mitigate disastrous consequences.
Cyber insurance gives you rapid access to experts who will:
1. Identify the cause
2. Contain the breach from spreading and doing more damage
3. Deal with the fallout (including mitigating ongoing risks)
4. Restore your organisation back to business as usual
What happens when you get hacked?
Cyber incident response in action – experts will see you through the incident.
One phone call sets the ball rolling to get you back to business-as-usual.
1. Forensic IT analysts to nullify the threat quickly
By using genuine specialists who know the modus operandi of the criminals and understand the latest threats, companies can resolve the breach faster.
Forensic specialists deal with these threats every day – they hunt down the breach and restore security, to stop further business interruption and even prevent further regulatory investigation. Having these experts work alongside your team is a must-have during any breach incident.
2. Specialist lawyers to advise on incident handling and regulatory fallout
Get prompt advice from commercial lawyers with extensive experience of handling cyber claims, to help navigate a complex compliance situation and even fight your case if it comes to that.
3. Public relations experts with deep experience in crisis communications
Mandatory notification and disgruntled customers can leak information of your breach to media. If media responses are handled without the right Public Relations your reputation could be damaged further - which could have repercussions to your existing customers and stakeholders.
Having diverse experts on hand can save you time when you are racing to contain your losses before they get completely out of hand.
Breaches are a stressful situation for even the best in-house talent. Expert help is advantageous all round - and you don’t want to be paying through the nose for specialists when your cyber crisis is already in full swing.
As well as your emergency incident response and the costs of reinstalling hardware and software, cyber liabilities policies offer cover for:
- Costs of notifying clients
- Monitoring your customers’ stolen credit card and ID details
- Business interruption and alternative costs of working
- Costs of investigation
- Costs of extortion
- Legal defence fees and damages.
Howden-approved policies give you cover for costs in these areas:
Cover for third-party claims and associated legal defence costs resulting from the data breach.
Defence costs and potential fines resulting from regulatory investigations to the extent insurable by law.
Extortion and ransom
Costs of restoring the organisation’s affected systems, even paying the ransom if needs be.
Net profit loss resulting in interruption or downtime of an organisation’s IT system.
Cover for the costs of using a Public Relations company to help ease reputational damage arising from the data breach.
PCI DSS assessments and fines
Organisations affected by breaches involving payment card data are exposed to PCI related fines and PCI DSS (Payment Card Industry Data Security Standard) assessments. This coverage deals with costs relating to stolen card data, reimbursements of card reissuing costs and forensic investigations to assist defensibility of allegations.
Why now? Why do I need cyber insurance today?
The huge range of connected applications and systems businesses use each day presents a risk, particularly wherever one ‘talks’ to another.
Wherever people are involved in building, configuring or operating these interconnected systems, they can create inadvertent entry points for cyber criminals.
Cyber crime is much more about people than technology – that’s why insurance is so important.
Key reasons cyber cover is essential for businesses large and small
- Everyone makes mistakes, even smart people can do irrational things when it comes to protecting an organisation’s data.
- Cyber criminals are always finding new ways to trick their staff into collaborating with them inadvertently.
- Rogue employees – a large proportion of hacks and breaches are committed by current members of staff with a grievance.
- Many businesses in supply chains have a requirement to get cyber insurance as part of a compliance checklist for vendor companies.
- The biggest firewall in the world won’t protect your system from the people inside.
There are many ways you can protect your business from some threats – using a combination of technology, process and people – but you can never eliminate them entirely. That’s where cyber insurance comes in – ready to pick up the pieces.
Additional benefits of the Howden service:
Advice dealing with insurers
Dealing with an insurer can get a little confrontational; much better to communicate through a friendly, professional broker who brings them millions of dollars of business each year. The mutual respect between insurers and a global brokerage means we can move quickly towards a fair resolution, always acting in your interests.
Risk management training
To help you plan for and reduce risk, we provide seminars, tools and training to get the most out of your policy before an incident happens.
Policy wording reviews
Subtle differences in wording can create gaps you didn’t even know were there. Identifying gaps early can save a lot of headaches later. We are always testing out policy wordings with real scenarios to make sure they are fully up-to-date and responsive to the latest challenges.
If you’ve not budgeted for cyber insurance this year, remember that cyber criminals will not wait.
Cyber troubleshooting is a Howden speciality.
Things to remember:
- Cyber attackers gain access to an organisation’s systems months beforehand -then detonate their malicious code when the conditions suit them.
- You can’t know what you don’t know – unknown flaws in third-party software or hardware (called a zero-day vulnerability) are often exploited to launch cyber-attacks e.g. The Wannacry event.
- Cyber-attacks are creating a climate of high risk and uncertainty. Organisations are now beginning to realise that.