What is Not Covered by Cyber Insurance?
Cyber insurance connects policyholders with experts to deal with a crisis and covers many of the costs associated with cybercrime. But cyber insurance is unlikely to cover potential future lost revenue, the theft of any intellectual property or the costs required to bring systems, network and securities up to a higher standard after a cyber threat.
Cyber insurance hasn’t been around a very long time, and as such, is constantly evolving and adapting. By industry standards, most cyber insurance policies are well-rounded. They offer a wide variety of protections (discussed below) that a business might need in the aftermath of a cyber attack.
As with any form of insurance, there are also likely to be several exclusions to be aware of before signing up. These could include:
- If the threat occurred as a result of a hack/leak by a director or partner of the business
- The use of any out-of-date or unsupported software, systems or networks by the business owners or employees
- If the attack occurs as a result of something known before signing up to the policy
- Any damages as a result of a social media post from an account not directly attached to the business
As is the case for most insurances, the insurer will want to be informed as quickly as reasonably possible after an attack, so they can provide assistance and assess and mitigate the damage. Failure to do so may result in an insurer reducing the payment they make or even invalidating cover altogether.
What is covered by cyber insurance?
Cyber insurance is designed to cover the losses after a cyber attack. This may include:
- Losses suffered directly by a business
- The cost of repairing any damage done to software/networks
- Any loss as a result of cyber-fraud or extortion
- Costs of replacing any property damaged beyond repair
- Upgrades for any software/hardware that must be made after a cyber threat
- The hiring of experts to help deal with the threat (PR, cybersecurity, etc.)
- Costs to regain access to data
- Compensation for any time spent in court
Each policy is unique, so protections might exist on one policy that isn’t on another. Make sure to complete thorough due diligence, take a look at policy wordings/summaries and be sure a policy covers everything that’s needed.
As mentioned above, cyber insurance is a relatively young industry by market standards, so there is a decent level of innovation across the insurers. Many of them offer assessments, training and external expert advice to help avoid ever needing to make a claim. This is a novel idea compared to the process of signing up for, say, car insurance.
As always with anything cyber, it’s the business’s responsibility to train and educate staff sufficiently to avoid an incident. A comprehensive strategy should be put in place to avoid a threat and layout how to react if something goes wrong. The National Cyber Security Centre has some excellent guides on putting these strategies together and minimising risk.
Cyber insurance definition
Cyber insurance is a form of insurance coverage designed to protect a business from many of the issues that can arise as a result of a cyber-attack. These range from losses directly as a result of the attack (software/hardware replacements) to helping a business recover in the aftermath (PR, consultants).
Business owners should get a clear understanding from their broker or insurer regarding what is and isn’t covered. There will be exclusions or differences in coverage. In some cases, additional protections can be included to customise a policy to the needs of a business.
Who needs cyber liability insurance?
Any business that handles confidential data should have cyber liability cover. This could be as ‘serious’ as financial information (e.g. card numbers, addresses, etc.) or as ‘innocent’ as email addresses or contact numbers. If an attack does happen, the punishments can be severe, especially since implementing the General Data Protection Regulations (GDPR).
The costs of a cyber leak can be severe. A good cyber liability insurance policy can help a business avoid many of the expenses associated with recovering post-incident. From repairing software, hardware or networks to compensating impacted parties/customers, cyber liability insurance is the best way to make sure a company can bounce back after an attack.