Does a cyber insurance policy cover offline and online exposure?
Yes. Policies are triggered by the breach of electronic and non-electronic data that includes theft and loss. This means that you have insurance for exposures that may range from a sophisticated hack to a sensitive piece of hard data ending up in the wrong hands.
What are some examples of possible claim scenarios for cyber insurance?
Data breach following employee theft; data breach following loss of a memory stick; data breach following hacking; cyber business interruption; denial of service attack.
My data is stored in the cloud. Does this mean that liability rests with them?
Not exactly. It would be wise to carefully review your cloud contracts with legal counsel. Even if the risk is reduced, the liability may still fall to you. Remember: you can outsource the service but not the responsibility.
I am confident that my information is secure. Do I need a policy?
Even companies with large departments dedicated to IT security experience data breaches. A simple oversight like not updating software, inappropriate user authentication procedures for third-party vendors or losing an unencrypted laptop can lead to a breach.
What do I do next?
A good first step is to create a cyber risk profile for your company, and to create a list of expenses you want to have covered in the event of an incident. Then, you can determine an estimate for third-party costs. Many insurers provide an insurance calculator on their websites to help organisations create a list of coverage and estimate costs.
If you suffer a cyber breach, having cyber insurance can make the recovery process as straightforward and rapid as possible (however it is still likely to take a number of days or weeks depending on the severity of the incident). Many insurers include technical assistance with managing a breach as part of the insurance policy – if so, get in touch with them as soon as possible after the breach is discovered.
Just like you wouldn’t leave your door unlocked simply because you have home insurance, cyber insurance should not serve as reasoning to divert funding in security planning and strategy. Additionally, while cyber insurance may reimburse costs, it cannot mitigate the reputational damage incurred by a breach or a security incident. Insurance will not reinstate trust from clients and customers post-breach.