Cyber Risk insurance (or Cyber Liability insurance) is designed to protect your company from technological threats such as data breaches or malicious cyber-attacks on computer systems.
These incidents can disrupt any business, causing reputational damage, operational downtime, financial loss, and legal action.
Do we need Cyber Risk insurance?
Cyber Risk insurance is necessary if you:
- Hold personal data (names, addresses, and bank/credit card details)
- Store business-critical data electronically
- Rely on technology to operate
- Have a website
- Have an online bank account
- Have a payment card industry or bank merchant services agreement
Cyber Risk insurance also demonstrates to auditors, regulators, compliance teams, clients and other stakeholders that resources are in place to address cyber risk.
What does Cyber Risk insurance cover?
In the event of a cyber-attack, most cyber risk insurance policies will cover the first-party and third-party financial and reputational costs if data or electronic systems have been lost, damaged, stolen or corrupted.
First-party cover typically includes:
- Cost of investigating a cybercrime or event
- Access to appropriate experts
- Recovering data lost in a security breach
- Restoration of computer systems
- Loss of income
- Reputation management
- Extortion payments demanded by hackers
- Notification costs where you are required to notify third parties affected.
Third-party cover (claims against you) typically includes:
- Damages and settlements
- The cost of legally defending yourself against claims
Ultimate responsibility lies with the company director – even if they have delegated the management of cybersecurity to others. Therefore, directors’ and officers’ insurance is essential to support cyber risk insurance, if it is not covered by the policy.