CYBER insurance - Why all businesses need it
CYBER insurance – Why all businesses need it
At Straight Solutions Ltd we think CYBER insurance is now a must for any firm.
The threats to UK businesses just keep growing, whether the cause is Eastern European state sponsored crime operating from purpose built factories, home grown hackers or the legislative burden of GDPR there is one fact you cannot avoid - our existing business insurance polices are not good enough.
Most business insurance policies were designed in the 20th century and have a gaping hole left open to 21st century digital damage.
Dixons Carphone were in the news recently for data breaches involving “5.9 million payment cards and 1.2 million personal data records” (source: bbc.co.uk)
While the technology revolution has brought with it unparalleled levels of convenience and choice to millions of people across the globe, it has done the same for the criminal underworld. It is now far easier and far more lucrative for criminals to ply their trade digitally rather than physically. Cyber attacks are the modern crime and cyber insurance is the way to protect against them.
How CYBER risk has evolved.
The technology revolution has irreversibly changed the way that businesses operate: the ability to send electronic mail rather than physical mail; the ability to store information electronically rather than physically; and the ability to move money remotely rather than in person has brought speed and efficiency allowing businesses to reach levels of productivity that were never before imaginable. And just as many opportunities for criminals.
And that’s what cyber insurance is there to protect against – the loss, theft or destruction of a company’s digital assets.
The need for a new type of insurance policy
Cyber insurance is necessary because traditional insurance policies were not designed to handle 21st century threats. Many standard first party (“own damage” ) insurance policies such as say fire and theft were designed to deal with threats to a company’s physical assets – their buildings, machinery, office equipment and tangible money only.
There has historically been little to no protection offered under these policies for loss of, theft of or damage to data, systems and electronic funds. But as most businesses these days now have a much greater reliance on their digital assets than they do on their physical ones, which makes a new kind of policy essential.
Types of CYBER claims
More than 95% of cyber claims are for ‘own’ losses only and they fall into three broad categories:
1. THEFT OF FUNDS – this is straight forward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Criminals no longer target physical banks – they target online accounts. And if a business has somehow been negligent in allowing this to happen, the bank will not reimburse them.
2. THEFT OF DATA – data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels in the UK and in order to commit identity theft, criminals need data. Seemingly innocuous information such as names and addresses stored on a computer network can be worth more money than you think.
3. DAMAGE TO DIGITAL ASSETS – in order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a firm’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix.
Claims for theft of funds are actually very easy and quick to quantify, but for theft of data claims, the financial impact can vary depending on the nature of the data compromised and how much of it was stolen.
The costliest part of a cyber event is often responding to the incident. For example, if an attack has managed to compromise a company’s computer network, then IT specialists are going to be needed to stop the attack, protect against further immediate threats, and work out what has been stolen. There is then a financial cost associated with limiting reputational damage, notifying clients or customers whose data has been stolen, and offering them identity theft protection solutions if necessary.
Damage to digital assets claims can be easy to determine especially if there is an extortion demand which the victim has paid (the amount of the claim is the cost of the ransom) but more difficult if we’re talking about the cost of using IT specialists to rebuild systems or data – which might only be calculated after the work is completed.
Worried? we were, we bought Cyber cover for ourselves and would like your business to have the same levels of protection.
For a quotation and with no obligation please contact Brian Dunk on 01935 389812