Cyber insurance policies explained

Cyber insurance policies tend to be modular in nature, meaning that they consist of a variety of different coverage areas and, for many, that has led to confusion around exactly how this cover fits together to create a uniform whole.

To help explain this further, we’ve dissected a cyber policy section by section to show how each part functions.

Most cyber policies can be divided into two areas of cover – first party and third party.

The first party is you, so this cover is for your own financial loss arising from a cyber event, which is defined as any actual or suspected unauthorised system access, electronic attack, privacy breach, or system downtime. It’s important to note that the vast majority of cyber claims stem from first party losses.

The third party section covers you for claims made against you arising from a cyber event.
Within the context of a cyber insurance policy, cybercrime usually refers to attacks that involve theft of funds from the victim as opposed to theft of data or other digital assets. This usually happens in one of three ways:

1. Extortion, where hackers threaten to expose or destroy data that they have already compromised in order to extort money

2. Electronic compromise, where attackers manage to hack into your network and gain access to online accounting or banking platforms

3. Social engineering, where attackers imitate a senior member of staff, or one of your customers or suppliers

You should look for a policy that covers the full range of cyber crime types, from funds transfer fraud and ransomware to targeted extortion and emerging forms of malware such as cryptojacking, where your IT system is used to mine cryptocurrency, or botnetting where your systems are used to send malicious traffic.

You will need to check that your systems and procedures are robust as it may be a condition of the policy that you must have some levels of security in place, such as call-back procedures on money transfer requests.

A quick recovery from a cyber event is key, which is why incident response is at the heart of any good cyber policy. This section of cover will generally pick up all the costs involved in responding to a cyber incident in real time, including IT security and specialist forensic support, legal advice in relation to breaches of data security, and the costs associated with having to notify any individuals that have had their data stolen. One of the most important aspects of a cyber policy is that it provides speedy access to the right specialists as well as paying for their service.

What really gives a cyber policy value is a strong system damage and business interruption section. Helping to keep your business up and running, this crucial section covers the costs for data and applications to be repaired, restored or recreated in the event that computer systems are damaged as a result of a cyber event. It also reimburses the loss of profits and increased cost of working as a result of interruption to business operations caused by a cyber event or prolonged system downtime.

Lawsuits and fines could destroy your business, which is why network security and privacy liability is another important part of a cyber policy. This section covers third party claims arising out of a cyber event, be it transmission of harmful malware to a third party’s systems or failing to prevent an individual’s data from being breached. It is worth noting that fines for a breach of certain sections of GDPR are up to 4% of turnover, with a limit of twenty million Euros.

An (often optional) section that should not be overlooked if you have a website and use email, is media liability. This covers third party claims made against you arising out of defamation or infringement of intellectual property rights.

We are here to help you to source the most appropriate cyber cover to meet your exact requirements.

Call us on 01865 292929 or get in touch via info@mathewscomfort.com to find out more about how we can help you with all of your cyber insurance needs.