Cyber & Data Risk Insurance
What is Cyber & Data Risk Insurance?
Nearly all businesses will hold client data or operate digitally in one form or another. Cyber criminals have taken full advantage of this, with small and large businesses falling victim to hacks or data breaches every day.
If you use email, have a website, take online transactions or are reliant on computers then you should consider Cyber Insurance. This policy doesn’t just apply to digital risks; it also applies to the loss of client data held in paper form… yes, some businesses still have paper files!
In a nutshell, Cyber Insurance will cover the costs your business suffers following a hack or data breach. It won’t stop a cyber-attack but it will offer you practical and financial support if you’re the victim of one.
Why do I need Cyber Insurance?
Most people assume that because they have an IT department they don’t need Cyber Insurance. Yes, your IT department will certainly assist following an incident, but it won’t cover the costs of: repairing and restoring your systems/networks and websites, defence and indemnity for regulatory investigations, telling your clients and paying for their credit searches, any ransom/extortion fees, legal fees and compensation claims if you’re sued for loss of personal data, handling the PR management for your firm’s reputation, or loss of income if you couldn’t trade. A cyber policy can cover you for all of this, and in today’s world it seems silly not to have this protection for a business you’ve worked so hard for.
A cyber policy also covers physical data, not just electronic data. Think about an employee leaving a laptop full of client information on a train, dropping some paper files, or paper documents being stolen in an office break-in.
Cyber Insurance is about protecting your company when it comes to failure of client data protection, i.e. a loss of the data, a data breach, or your company being hacked.
What can Cyber Insurance cover?
There are lots of different cyber policies available, each offering different levels of cover. These are some of the main elements you could expect to find:
- Data breaches
- Human errors
- Financial crime
- Loss or theft of physical data i.e. paper files or laptop.
- Costs of telling your clients. As an example of how much this could be: posting a letter first class costs 76p and providing 3 months' free credit checks costs £60. If you have 1,000 clients' data stolen, that could be up to £60,760!
- Restoring/repairing networks, systems and websites.
- Credit monitoring costs for clients, to ensure your clients' data is not used to take out loans or store credit, causing them adverse credit
- Specialist assistance and management of the incident itself
- Specialist assistance and management of reputational damage
- Extortion (Ransomware) payments
- SQL Injection attack
- Failure of computer security
- Forensic investigation costs (usually starting from £15,000)
- Loss of income if you cannot trade or network down time
- Theft of money or digital assets through theft of equipment or electronic theft
- Legal costs if your business is sued due to data loss
- Client compensation for loss of data
What else do I need?
- Offices and Surgeries Insurance: If you work from an office or surgery environment
- Professional Indemnity Insurance: If your business gives any advice or provides/offers a professional service
- Directors Insurance: Covers the individual and their personal assets from claims made for actual or alleged wrongful acts
- Corporate/Company Legal Liability: Covers the business from claims made for actual or alleged wrongful acts
- Employment Practice Liability: Covers the business against employment disputes
What type of cyber or data risks does my business face?
Everyday risks a business can face include: an employee losing a work laptop containing client data, an employee clicking a link in a phishing email, hackers intercepting emails and changing bank details on your invoices, paperwork containing client information being stolen from an office, or an email containing sensitive data being sent to the wrong person. If you lose data you could be held accountable under the General Data Protection Regulation (GDPR), which could mean a fine, and the cost of informing clients of the loss of their data. A cyber policy covers these costs.
Types of cyber risks include:
- Computer malware
- Cyber theft
- Denial of service attack
- Human error and/or dishonesty
- Infringement of intellectual property rights
- Libel, slander and/or defamation
What is a phishing attack?
A phishing attack is a criminal attempt to obtain private information from an email user that could be used for fraud. Phishing can range from a simple spam email to something more sophisticated. It can now involve emails using accurate copies of branding and design, posing as a legitimate business, bank or email provider.
Phishing is becoming increasingly widespread and is targeting individuals as well as businesses.
What is Ransomware?
Ransomware (also known as malware) is a type of malicious software designed to infect computer systems and encrypt files so that the hacker locks out the owner and can hold them to ransom. They can also extort money by threatening to release sensitive client or business data, or simply shut your system down.
What is an SQL injection attack?
This is one of the most common web hacking techniques, and it mainly involves embedding malicious code into an unprotected application or web page. The code can then gain access to the backing database to view, alter or delete private information. Hackers can then conduct identity theft, gain access to bank accounts and blackmail businesses. The consequences for a business include loss of money, loss of customer trust and a fine for breach of GDPR.
Types of businesses we can cover
A Cyber and Data Insurance policy can provide cover to any business that uses emails, takes card payments, has a website, or holds client data in either electronic or paper form. Below are some examples of the businesses/industries we provide cover for:
- Advertising (Creative Agency only)
- Construction Companies
- Creative Advertising/Marketing (no direct mailing)
- Electrician/Plumber/Engineer/Tradesman
- Hairdresser (Single outlets only; refer chains)
- Leisure Management Consultants
- Retail / shops