KEEPING A FINGER ON THE PULSE

We think it's important to stay ahead of new developments in our industry. Knowing what's happening means we can serve our clients better, and like every good insurance intermediary we understand that our clients sit at the heart of everything we do. If you're wondering what's happening in the world of cyber threats right now, and whether you can protect yourself with insurance, here's what you need to know.

Most business insurance policies don’t cover cybercrime, but 52 per cent of businesses mistakenly believe that they do

WHY DIGITAL SECURITY MATTERS

Every human activity comes with a risk of some sort or other attached, and businesses face more risks than ever before thanks to the digital world that runs parallel to our physical world. Wherever there are human beings, there's risky behaviour. And, as it turns out, the biggest risk to digital business is human beings. We are not perfect, we're flawed, and that's why cyber criminals are so successful.

WHAT IS CYBER INSURANCE?

Cyber insurance, also known as cyber risk insurance and cyber liability insurance, protects a business against the financial impact of data breaches and malicious cyber hacks.

How does cyber insurance work and how much cyber insurance do you need? Most cyber insurance policies cover first party costs, those affecting the business, and third party costs where someone else or another business claims against you, as well as paying out to manage and fix a damaged reputation.

First party cyber cover takes care of the cost behind investigating a cybercrime, recovering lost data, fixing computer systems, and any loss of income because the business has had to shut down. It also covers extortion demands from hackers, and notification costs if you need to tell the third parties who have been affected. The third party part of the cover deals with the cost of claims against you, including damages, settlements, and legal defence costs.

Image from Envato Elements

We are not perfect, we're flawed, and that's why cyber criminals are so successful.

WHO SHOULD BUY CYBER INSURANCE?

All data is vulnerable to cyber attack and breach. If your business either uses, stores, or sends electronic data from one place to another, cyber insurance is important. It makes sense that a business storing a lot of personal records, for example in financial services or healthcare, is at more risk than a business that doesn't keep people's personal data. The cost of the policy depends on your business' revenue, sector, the type of data you keep, and how good your network security is.

There are all sorts of ways a mischief maker can mess with your IT systems and data. These are the most common.

• Malware is malicious software that can install itself onto a system via an email phishing scam or via a software vulnerability.
• Malware can spy on a business as well as steal data
• Ransomware attacks computer systems and encrypts data. Then the attacker demands a ransom payment in exchange for the data's safe return. That's why back-up protocols are so important
• Hacking involves breaking into an IT system, usually to steal data

As Techngenix says,"Cybersecurity risks vary significantly across company sizes, industries and based on a company’s use of technology. A $200 million company with an Internet footprint spanning 10 different countries has a different cyber risk profile than a $20 million health-care company that operates locally but handles hundreds of thousands of patient records. One might need a policy with higher limits on data breaches to cover the potential loss of regulated data while the other might need a coverage more focused on business interruption"

Cybercrime is a major worry for businesses of every size. Even if you're self-employed working at home, or a sole trader, online criminals could target your IT systems. In the UK alone, small businesses are targeted by 43% of all cyber crimes. According to Microsoft in 2018 cybersecurity threats were predicted to cost organizations in Malaysia a potential US$12.2 billion in economic losses. That's over 4% of Malaysia’s total GDP of US$296 billion. More than 50% of the organizations surveyed in Malaysia have either experienced a cybersecurity incident, or are not certain whether they had one because they haven't carried out computer forensic checks or data breach assessments.

According to IT Portal, when you classify your business as offline, you still need insurance to protect against cybercrime.

Image by Daria Shevtsova from Pexels

Before you buy, check the policy you're thinking about covers these essentials:

• Recovery of lost or stolen data.
• Management and restoration of your reputation
• Mending IT systems
• Telling any third parties who might be affected
• Defending yourself against legal claims for data breaches
• Paying the damages and settlements demanded
• by successful claims against you.
• Paying back any lost income from business shutdown

Image from Fauxels by Pexels

Image from Envato Elements

Businesses that hold a lot of personal, private or sensitive data are usually more likely to experience data theft. But everyone is at risk and you can't assume you are safe, even if you hold very little data and don't use IT systems extensively. Luckily there are plenty of common sense things you can do to reduce the risk.

• Carefully assess the particular risks you face
• Include every activity your business does online
• Do any of your staff use their personal devices for work? If so include them in your list
• If staff work away from the office, consider a Virtual Private Network for cyber-secure working away from the premises
• Staff training is a vital element of cybersecurity – teach them to be vigilant
• One training session is not enough. Continually train your people so they always know the latest risks to watch out for

THE FUTURE OF CYBER INSURANCE

Cyber insurance is still fairly new and adoption levels are quite low. The insurance market has to keep up a a healthy loss ratio as regards cyber claims. To underwrite these risks properly insurers and brokers need a consistent set of data. It's early days, but it's happening.

Insurers have started to use advanced techniques like artificial intelligence to assess insurance claims, and this means making a claim isn't always straightforward. Some insurers see Personal Lines cyber cover as the next big opportunity, because consumers are becoming more aware of their own vulnerability to data breaches.

The Internet of Things (IoT) is making personal protection even more important, but some insurance experts claim there's do apparent demand from consumers for a stand-alone cyber product. At the same time ransomware is experiencing a resurgence at the moment, and that currently accounts for 18% of all cyber insurance claims And ransom demands alone now average $116,000 in the USA, according to Beazley Breach Response Services. In our region, as well as financial losses, cybersecurity incidents are also undermining organizations’ ability to take advantage of digital opportunities. As the Microsoft study we mentioned earlier in this article reveals, more than 62% of respondents said their organisation has 'delayed digital transformation' thanks to a fear of cyber attacks. Too many businesses are treating cyber security like an afterthought, many lack a strategy altogether, and a 'complex environment' of the type created by many, with multiple cybersecurity solutions in place, actually makes systems less secure, not more.

Image by Saksham Choudhary from Pexels

SUPPORT WITH CLAIMS AND RISK MANAGEMENT

We clearly live in interesting times as far as cyber insurance goes! In a landscape like this we recommend you use an insurance claims consultant to help you deal with any cyber claims swiftly and efficiently. We provide both risk management and claims support to all our policyholders, so when you buy cyber insurance from us you will always get the support you need.