What is cyber liability insurance?
Cyber liability insurance helps businesses who fall victim to computer failure and cyber crime. Cyber liability insurance UK not only covers the financial hit a company takes if its computer systems are compromised but also provides access to IT and legal experts to get a business back up and running.
There is a range of options available to businesses, with some very basic packages costing as little as £11 a month.
But bigger businesses with more at stake may take out much more comprehensive coverage, explained below.
Sadly the risk to businesses that operate online or have complicated computer operating systems will never cease. Even with high levels of security, a company can fall victim to hackers and online extortionists who can bring down entire systems.
There has even been a case where a cyber insurance provider was taken down by an attack. CNA Financial, one of the biggest cyber insurance providers in the world, had to fully shut down operations for three days in 2021 to investigate what happened and restore its systems, according to NimbleFins. The company, which in 2020 recorded revenue of $10 billion, fears hackers may have stolen customer data, which in turn could lead to its clients being targeted, with the criminals knowing their weak spots.
If a cyber insurance provider can fall victim to online crime, anyone can.
What does a cyber liability insurance policy cover?
Cyber liability insurance policies cover problems affecting both the policyholder and third parties, if specified. While not every cyber liability insurance policy covers the same things, third-party insurance sees customers and contacts protected as well as the policyholder, which can offer relief when a business is trying to protect its reputation.
First party cover typically includes:
Legal expenses and assistance: This is the most common part of businesses’ cyber liability insurance policies, with 73% of those with a policy holding this cover according to the Government’s 2020 Cyber Security Breaches Survey. Legal assistance can feature in several different elements of cyber liability insurance, with experts on hand to guide a business through managing an attack, as well as the implications of a privacy breach, plus dealing with compensation claims.
Business interruption: This is another one of the most commonly-held elements of cyber insurance, with 68% of those with a policy holding this cover according to the same Government survey. It covers the money lost from a disruption to trading, plus any extra costs incurred as a result of the incident.
Managing an attack: If the business is the victim of an incident, whether that be a cyber crime or an IT network failure, this part of cyber liability insurance puts the policyholder in touch with legal and computer experts to navigate the law and get systems back up and running.
Notification costs: Covering the cost of telling customers, suppliers and other third parties the business has fallen victim to an incident.
Reputation management: This can be part of the notification costs process, and covers the added expense of keeping the company’s good name in fact by, for example, offering discounts or paying for a PR campaign.
Investigations: To find the source of the incident.
Restoring computer systems: To get a business back up and running.
Recovering lost data or programmes: Another way to get the business operational again, experts can work to find lost documents. Insurance against lost data is the third most commonly-held part of cyber liability insurance according to the Government’s 2020 survey.
Cyber extortion: Practical advice if a ransom is ordered from hackers. In some cases (although not advised as the first port of call) insurers can cover the financial demand.
Third-party cover can include:
Media liability: If a data breach means a third party can claim defamation if their information is published and it negatively impacts them, this part of a policy will fund legal costs and any damages awarded.
Privacy protection: Again funding compensation and associated legal claims if a third party’s right to privacy has been breached due to a cyber incident.
Who needs cyber liability insurance?
Cyber liability insurance is not legally required but any business using a computer may wish to consider the policy. Businesses that would be foolish to ignore cyber insurance are those that process bank card payments and handle sensitive data. But also organisations that work using computer equipment or networks would be wise to consider cyber insurance as the cost of a business unable to trade due to IT issues has the potential to be vast.
The truth is the number of cyber crime cases to hit the UK is worrying. There is an attempted cyber attack in the UK every 1.3 seconds. That’s a 45 minute, and 65,000 a day, according to Hiscox.
And the Department for Business, Innovation and Skills puts the average cost of a security breach at between £600,000 to £1.15 million for large businesses. Its 2014 report into cyber crime said there was an “emerging culture for cyber security insurance”.
Some aspects of cyber liability insurance are covered by other packages. Business interruption insurance can be provided in a business insurance package. And commercial property insurance can also cover damage to computer networks if there was a qualifying incident such as a flood or fire in the premises which destroyed IT equipment.
However, dealing with data breaches and restoring lost documents or failed computer networks, or managing a cyber crime are only covered with cyber liability insurance.