The average financial impact of a cyber incident is S$3.2m dollars – and there is no upper limit.
Business leaders without a well thought out strategy around cyber protection are effectively gambling with all their funds to develop their business. Or depending on your cash reserves, your very survival. Cyber incidents happen every day; some are targeted, others random and viral.
“There are two types of business.....those who’ve been hacked and those that will be.” (The FBI, 2012)
Fortunately, you can pass on your costs to an insurance company.
What is a cyber-attack?
Cyber-attacks are illegal attempts to access to organisations’ data or to disrupt their operations for criminal, espionage, politics or simply for mischief. Millions of attacks are launched at firms every day, some actually succeed in breaching these companies’ defences and wreak havoc.
An increasingly popular form of attack uses emails that appear to be from a known teammate, to trick people into installing malicious software – it’s an easy mistake that can lead to your business being locked down, losing money and held to ransom.
A growing number of breaches come from your employees (often disgruntled) with insider knowledge.
What does cyber insurance cover?
Cyber insurance means Howden is right by your side, before during and after your incident.
The standout benefits of cyber insurance are access to highly experienced experts to nullify the threat as quickly as possible and help mitigate disastrous consequences.
Cyber insurance gives you rapid access to experts who will:
1. identify the cause
2. contain the breach from spreading and doing more damage
3. deal with the fallout (including. mitigating ongoing risks)
4. restore your organisation back to business as usual
What happens when you get hacked?
Cyber incident response in action – experts will see you through the incident.
One phone call sets the ball rolling to get you back to business-as-usual
If you have insurance you can expect a fast expert response from:
1. Forensic IT analysts to nullify the threat quickly
Using genuine specialists who know the modus operandi of the criminals and the nuanced behaviour of the latest threats companies can get to resolve the breach faster.
Forensic specialists deal with these threats every day – they hunt down the breach and restore security, to stop further business interruption and even prevent further regulatory investigation. Having these experts work alongside your team is a must-have for any breach incident.
2. Specialist lawyers to advise on incident handling and regulatory fallout
Get prompt advice from commercial lawyers with extensive experience of handling cyber claims, to help navigate a complex compliance situation and even fight your case if it comes to that.
3. Public relations experts with deep experience in crisis communications
Mandatory notification and disgruntled customers can leak information of your breach as potential news to media. If media responses are handled without the right Public Relations your reputation could be damaged further which could have repercussions to your existing customers and stakeholders.
Maybe it’s not for you, but having diverse experts on hand can save you time when you are racing to contain your losses before they get completely out of hand.
Breaches are a stressful situation for even the best in-house talent. Expert help is advantageous all around - and you don’t want to be paying through the nose for specialists when your cyber crisis is already in full swing.
Cyber insurance is designed to pay for:
As well as your emergency incident response and the costs of reinstalling hardware and software, cyber liabilities policies offer cover for:
•costs of notifying clients
•monitoring your customers’ stolen credit card and ID details
•business interruption and alternative costs of working
•costs of investigation
•costs of extortion
•legal defence fees and damages
Howden-approved policies give you cover for costs in these areas:
Cover for third-party claims and associated legal defence costs resulting from the data breach.
Defence costs and potential fines resulting from regulatory investigations to the extent insurable by law.
Extortion and ransom
Costs of the restoring the organisation’s affected systems, even paying the ransom if needs be.
Net profit loss resulting out of interruption or downtime of an organisation’s IT system.
Cover for the costs of using a Public Relations company to help ease reputational damage arising from the data breach.
PCI DSS assessments and fines
Organisations affected by breaches involving payment card data are exposed to PCI related fines and PCI DSS (Payment Card Industry Data Security Standard) assessments. This coverage deals with costs relating to stolen card data, reimbursements of card reissuing costs and forensic investigations to assist defensibility of allegations. .
Why now? Why do I need cyber insurance today?
The huge range of connected applications and systems businesses use each day present a risk, particularly wherever one ‘talks’ to another.
Wherever people are involved in building, configuring or operating these interconnected systems, they can create inadvertent entry points for cyber criminals.
But cyber crime is much more about people than technology – that’s why insurance is so important.
Key reasons cyber cover is essential for businesses large and small
- Everyone makes mistakes, even smart people can do irrational things when it comes to protecting an organisation’s data.
- Cyber criminals are always finding new ways to trick their staff into collaborating with them inadvertently.
- Rogue employees – a large proportion of hacks and breaches are committed by current members of staff with a grievance.
- Many businesses in supply chains have a requirement to get cyber insurance as part of a compliance checklist for vendor companies.
- The biggest firewall in the world won’t protect your system from people inside.
There are many ways you can protect your business from some of the threat – using a combination of technology, process and people – but you can never eliminate them entirely. That’s where cyber insurance comes in – ready to pick up the pieces.
Additional benefits of the Howden service
Help dealing with insurers
Dealing with an insurer can get a little confrontational; much better communicate through a friendly, professional broker who brings them millions of dollars of business each year. The mutual respect between insurers and a global brokerage means we can move quickly towards a fair resolution, always acting in your interests.
Risk management training
To help you plan for and reduce risk, we provide seminars, tools and training – to get the most of your policy before an incident happens.
Policy wording reviews
Subtle differences in wording can create gaps you didn’t even know were there. Identifying gaps early can save a lot of headaches later. We are always testing out policy wordings with real scenarios to make sure they are fully up to date and responsive to the latest challenges.
If you’ve not budgeted for cyber insurance this year, remember that cyber criminals will not wait.
Cyber troubleshooting is a Howden speciality.
Things to remember:
- Cyber attackers gain access to an organisation’s systems months beforehand -then detonate their malicious code when the conditions suit them.
- You can’t know what you don’t know – unknown flaws in third-party software or hardware (called a zero-day vulnerability) are often exploited to launch cyber-attacks e.g. The Wannacry event.
- Cyber-attacks are creating a climate of high risk and uncertainty. Organisations are now beginning to realise that with no real 100% protection they need a product such as cyber insurance to hedge the costs of a potential breach and to manage the uncertainty.