The recent transition to working from home brings new cyber security vulnerabilities. Zoom access violations, housemates sharing work laptops and employees using their own devices have all contributed to new cyber risks that haven’t been considered by many people before.
In our ‘new normal’ there are a few key considerations to be aware of when considering how to protect your business from cyber threats and security issues.
Offices and workplaces generally have consistent security elements in place; but homes are vulnerable to cyber threats due to the infrastructure and multitude of devices that are operating across home networks. They just aren’t as secure.
Also at this time, people are distracted juggling work and family at home, resulting in an increase in cyber risks, with online phishing exercises and fake scam messages more effective than ever.
Being vigilant and aware of cyber attacks is important; remind your team to be discerning around messages, emails and attachments to open and what to avoid.
In addition to educating your people on cyber risk and implementing simple physical measures, such as dual factor authentication, a robust cyber insurance policy is critical in the event your first lines of defence fail.
What is Cyber Insurance?
In what has been deemed the ‘information age’, data is fast becoming a company’s most valuable asset. As a business, holding client data is a big responsibility and opens you up to additional risk in various ways. Just like other aspects of your business, it’s best to mitigate these risks with insurance.
Data breaches can affect individuals on a personal level, when information such as medical records, credit card numbers, ID/passport information, birth dates, and other personally identifiable information falls into the wrong hands.
However, it’s not just personal information that can be vulnerable. Commercially sensitive data, such as proprietary information and intellectual property, can be irrevocably damaging to a business if it were to get into the hands of a competitor or extortionist. We’ve seen this happen first-hand and we know how severe the impact can be.
Cyber crime is a growing problem in Australia, with studies showing 1 in 3 SME businesses will suffer a cyber crime loss at some point. The Australian Government has committed $1.7bn in cyber security in the latest Federal Budget in order to keep Australians safe online. It’s clear this issue is not going away any time soon.
But with Cyber Insurance, you can ensure you’re protected should the worst happen and you fall victim to a cyber crime.
What Does Cyber Insurance Cover Me For?
Cyber liability coverage is specifically designed to protect against liabilities that arise in respect of data protection, personal data management and the consequences of losing important or sensitive information. The Cyber Insurance product covers a business for resulting damages in the wake of a data breach event.
Cyber Insurance also covers a range of expenses related to a data breach:
- Data administrative investigations
- Forensic accounting
- Data administrative fines
- Reputational repair
- Breach notification costs
- Credit monitoring costs
- Cyber extortion/ransom costs
- Loss of profits as a result of an interruption to the business
What are the Benefits of Cyber Insurance?
Unfortunately, no IT system is impenetrable. With increasingly sophisticated attacks being carried out by hackers, it feels more like a ‘when’ and not an ‘if’ I will fall victim to an attack.
Cyber Insurance can help in the following ways:
Managing costs associated with a breach of your data and systems
The cost of the data breach is difficult to budget for and there is no ‘industry benchmark’ to work from. It varies greatly based on the size of the data breach, the type of information stolen (personal customer information versus business information), the type of industry you work in and the systems that house the data you manage.
Paying a set amount for Cyber Insurance coverage gives you peace of mind and allows you to get back to doing what you do best – running your business.
Providing access to support
Given Cyber Insurance claims are typically time sensitive, Insurers have a dedicated response team composed of a specialised panel of experts to manage every aspect of a cyber breach. In the event of a data breach, you will gain immediate access to a wealth of support through IT forensics, public relations, legal council, forensic accounting, negotiators, government liaisons and credit monitoring firms. It’s important that you know you will not have to face a loss alone.
Providing the resources, knowledge and bench strength needed to respond to any breaches
This is where a broker is a useful business partner to have. Not only can they help manage any Cyber Insurance claims, but a good broker will be able to provide contacts and introductions to additional resources you may require to support you through your claim eg: legal, forensic investigators etc.
If you think it can’t happen to you, here are a few experiences we have come across recently.
Cyber Insurance Case Study 1
The Client: Medical Services, 6 staff, $3.2m revenue
The Claim: The Insured’s system, which held confidential medical information about their patients, was compromised by a ransomware attack. As the Insured could not access their patients’ medical data, they were unable to operate.
Outcome: IT Forensic Consultants were appointed to fix damage to the Insured’s system and investigate if the hacker still had access to the system. A law firm was also appointed to assist the remediation process and advise if the client had to report the matter to the Privacy Commissioner. Payment was made in relation to business interruption loss, forensics and legal costs.
Cyber Insurance Case Study 2
The Client: Retailer, 16 staff, $7m revenue
The Claim: A hacker impersonated a supplier of the Insured, using an identical email address. The hacker emailed the Insured advising that future payments should be made to a new bank account. When the Insured was due to pay the client, they paid $41,000 into the fraudulent account.
Outcome: The Insured claimed against their Cyber policy which triggered the optional Social Engineering cover. Indemnity was granted for the direct financial loss suffered by the Insured.
How Do I Get Cyber Insurance?
If you want to learn more about how to protect your business from cyber threats and to chat about your specific business needs, get in touch with one of our Cyber Insurance Advisors today. With absolutely no obligations, we can talk through the best solutions for you and your business.