What does Cyber Insurance cover in the unfortunate event of an attack?
Cyber insurance is becoming more and more important for businesses especially for those that trade, perform transactions and interact with sensitive customer information online. Cyber Insurance can protect your business in the event of a cyber hack or data breach on your business computer systems and data. In the unfortunate event that your business has suffered a cyber-attack, you will be covered for most of the costs associated with cyber-attack or data breaches.
As with any investigation, there are certain events that will take place after the cyber attack. They will research the origin of the breach, what systems and data were compromised, who needs to be notified, how to communicate the breach, what actions need to be put in place to fix the areas of risk, solutions for future risk mitigation and associated IT and legal expenses. Your cyber insurance will help cover any costs associated with notifying the necessary authorities and the affected person or persons, investigating the incident or incidents, putting in place measures to contain the damage, and recover any data that has been affected. It may cover or will assist towards any fines and court costs. Your cyber insurance should cover the financial impact of the incident including but not limited to the loss of business, as well as regulatory fines.
Cyber Insurance is not a necessity for all businesses but if you interact with customers and businesses in the digital space then it may be well worth your while having a conversation about it. In the unfortunate event of a data breach or if you were impacted by ransomware your cyber policy will provide access to a specialised team of cyber experts that will help you navigate these sometimes treacherous digital channels. In the event of a ransomware attack where a criminal or team of criminals demand compensation in order to decrypt and return your data, your cyber team will negotiate this on your behalf. They will also help trace and track down those responsible as well as try to recover your data on your behalf.
If you have been the victim of a cyber-attack you should notify your IT company immediately if they have not discovered it first. They will advise on immediate security measures including notifying staff. Notify your cyber insurance company and they will guide you through the next steps. Once you have determined the kind of attack that happened and any data that has been compromised then you should inform the Data Protection Commission and any regulatory bodies that you are legally obliged to notify.
The investigative process and costs vary depending on the size of the company, industry and type of cybercrime involved. Regardless of this, there are certain things that must be identified including the origin of the attack, the amount of data compromised, the motive and the identities of the criminals if possible.
It is important to act immediately when a cyber-attack has been identified because it will directly impact your indemnity period which has a maximum period of 3 months as part of any cyber insurance policy. The indemnity period is the specified period of time for which compensation is payable under your business interruption policy. This could mean the period during which the income of the business is affected by the cyber event or the reinstatement of services affected by the cyber-attack. Your cyber insurance policy will provide details of this.
Cyber Insurance does not have to cost the earth, it can start at a few hundred euros but the most important thing to ensure is that it covers your needs. As with most insurance, there is a pre-qualification questionnaire and you must make sure that the criteria matches your needs and that you qualify for the cover by disclosing the necessary information from the beginning. Factors that will affect your premium are
- your occupation: obviously, some services or professions will attract a higher rating than others.
- the nature of your business: If you store a lot of customers’ personal information such as utility companies, a doctor, or a hospital then the risk is higher than with other businesses and occupations such as a hardware supply shop.
- the turnover of a business: the higher the turnover the higher the risk.
- The cover you require: you might be concerned with loss of revenue, damage to your systems and services, customer data loss, claims by third parties.
- the amounts or limits on the cover you need.
The number of targeted cyber-attacks has more than doubled in Ireland in 2019. Successful attacks on businesses can have a serious impact with 60% or more experiencing loss of IT services because of a breach, 40% or more suffering financial loss, and 40% or more reporting a loss of operational services.
Data leaks and losses can lead to massive regulatory fines, client suing, bad media coverage and can damage the business’ reputation affecting the stockholders’ confidence and profits.
Sheridan Insurance can recommend cyber Insurance that protects businesses of all sizes against the impacts of a cyber-attack, including but not limited to loss of customer data, loss of income, loss of intellectual property, reputational damage, network failure, attempted extortion, system audits, forensic investigations, legal and regulatory advice.
Chat with one of the Sheridan Insurances Team today and let us help you protect what matters most.