LEARN MORE
WHY CYBER LIABILITY INSURANCE?
Cyber or computer crime is one of the leading risks facing businesses globally, with smaller businesses being particularly vulnerable. In Kenya alone, cybercrime costs the economy over KES 20 Billion annually. It takes just one successful cyber-attack to cause significant financial and reputational damage to your business. When cybercriminals infiltrate a network, hold data hostage, or acquire sensitive data, the company they steal from can be held liable for the incident.
Cyber-attack can be a stressful experience for your business, so having the correct cyber liability cover is crucial. You will have the funds to recover from the financial repercussions of stolen data, to rebuild and restore your customers’ faith.
All organizations, whether start-ups, non-profit or multinational require Cyber Liability Insurance to keep their operations up and running in the face of a cyber-attack.
Cyber liability insurance protects your business against the expenses associated with data breach or an attack by a malicious hacker that affects the computer systems by providing cover for costs of regulatory compliance, data recovery, crisis containment and reputational support.
Cyber liability provides cover against the cost of breach, technical or legal services, the cost of forensic analysis, crisis management, the cost of recovering electronic data and other regulatory actions and business interruption and lost revenues following cyber-attack.
WHAT YOU NEED TO KNOW
What Is Cyber Liability Insurance?
Cyber Liability insurance is a type of insurance that can help protect a business in the event of a data breach, network security failure, or other cyber threat, and from risks relating to information technology infrastructure and activities. It provides cover against the cost of breach notifications required domestically and internationally, technical or legal services for responding to government inquiries regarding the cyber-attack, the cost of forensic analysis to determine the nature and extent of the breach, the cost of crisis management, the cost of recovering electronic data, liability and legal expenses to help cover settlements from possible stakeholder lawsuits, fines, investigations, penalties, and other regulatory actions and business interruption and lost revenues following cyber-attack.
What Is Cyber Risk?
Cyber risk is the risk of financial or reputational harm or damage to a business entity resulting from the failure or disruption of its information technology systems, including computer systems. The various types of cyber incidents that create cyber risk include hacker attacks, spear phishing via emails, Virus, malware, ransomware, or spyware, IT system failure, cyber extortions, denial of service attacks, malicious destruction of data or misuse of personal data, breach of privacy, defamation or slander, including the transmission of malicious content.
What Type Of Data is Covered By Cyber Liability Insurance?
Cyber Liability insurance policies typically address the following types of data - Personally identifiable information (PII), including names, addresses, telephone numbers, social security numbers, account numbers, driver’s license numbers, passwords, and financial information. Protected health information (PHI), including any individually identifiable health information and any part of a patient’s medical record. Payment card information (PCI), including names, account numbers, expiration dates, verification numbers, security codes and other personal information held to process a payment card transaction. Confidential and protected corporate information, including client information, intellectual property, trade secrets, or merger and acquisition information
What type of coverage is available under cyber insurance policies?
Insurance companies offer first-party and third-party insurance policies for cyber losses. First-party coverage insures for losses to the policyholder’s own data, lost income or other harm to the policyholder’s business resulting from a data breach, cyber-attack or ransomware attack. First-party coverage applies to direct costs of the insured business for responding to a data breach or security failure. Third-party coverage insures against liability to third parties (including customers and government entities) as a result of a data breach, cyber-attack or ransomware attack. Third-party coverage applies when persons sue or make claims against the insured business, or governments or regulators demand information from the insured business.
What Types of First-party and Third-party Coverage Are Available?
First-party coverage includes Business interruption, Computer data loss and network restoration, Forensic investigation services, Notification costs, Crisis management and public relations, Extortion and ransomware. Third-party coverage includes litigation, Governmental and regulatory action, Credit and fraud monitoring and multimedia.
What Types of Business Entities Should Have Cyber Liability Insurance?
Any business entity that handles confidential client, customer or employee information, such as personally identifiable information, should have Cyber Liability Insurance. Likewise, any business entity using a company website, email or other internet capabilities, or a business that provides IT- related work, should have Cyber Liability Insurance. Also, commercial best practices indicate that business entities should have Cyber Liability Insurance coverage, especially given the increasing number of cyber-attacks and data breaches.
What Is Excluded From Coverage Under Cyber Liability Insurance?
Similar to other types of insurance policies, cyber insurance policies often exclude certain losses from coverage. Typical exclusions include claims arising from war, breach of contract, theft of trade secrets, unfair trade practices, and employment practices. Cyber insurance policies also typically exclude coverage for wilful, intentional, deliberate, malicious, fraudulent, dishonest, or criminal acts or omissions of the insured.
Do Business Entities Need Cyber Liability Insurance If They Use State-of-the-art Protection, Including Antivirus Software, Data Encryption or an IT Department?
Having the latest technology, such as firewalls, encryption, security software or IT outsourcing, helps to reduce the risk of a breach, but this technology does not make an entity impermeable to cyber losses. Sophisticated businesses with top-of-the-line anti-virus software and expert IT departments have experienced high-profile data breaches resulting in dramatic financial losses. Additionally, cyber risks and losses can result from human error, such as a lost laptop or discarded documents that were not shredded. Having appropriate cyber insurance coverage in place is another way to mitigate harm and damages, but such insurance is not a substitute for strong technology and human cybersecurity measures, such as ongoing training and security policies and protocols. Cyber insurance sits alongside and complements other cybersecurity controls.
What Should Business Entities Do When a Cyber-incident Happens That Might Be Covered By Cyber Liability Insurance?
Business entities with Cyber Liability Insurance should immediately notify their insurer or intermediary when a cyber-event occurs. Special care should be taken to ensure that the notification is within the time frame specified in the Cyber Liability Insurance policy. Many insurance companies have a pre-approved panel of attorneys, consultants and vendors that insured businesses can consult and begin using following a breach.