Post Published On:
Cyber insurance is a product used to protect businesses and individual users from cyber risks. It was designed to help an organization mitigate risk of exposure by offsetting costs required during recovery after a cyber-related security breach.
Cyber insurance cannot protect an organization from cyber crime. However, it can keep a business on stable financial footing in case a significant security event occurs.
The growth of interest in cyber insurance across the Middle East can be partly attributed to the growing awareness of cyber risks among companies. Particularly those that have already experienced cyber attacks. For example, the Shamoon II attack in Saudi Arabia demonstrates the disruptive impact a cyber attack can have on a company. As a result of this attack and others, regulators and senior executives have been prompted to review their enterprise risk management strategies.
What does Cyber Insurance Cover?
There is still no standard approach on which the insurance industry underwrites cyber liability coverage. Cyber insurance typically covers expenses related to first parties as well as claims by third parties. The following are common reimbursable expenses:
- Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage and how to prevent the same type of breach from reoccurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement entities.
- Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy, as well as monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
- Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
- Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.
What is not covered by Cyber Insurance?
- First party cover: Physical loss or damage. For example, the physical damage to 30,000 computers experienced by Saudi Aramco during the Shamoon II attack of 2012.
- Outsource service provider costs: These are costs arising out of network interruption failures of devices controlled or operated by a third party.
- Losses arising from affiliated companies: Some insurance policies may have a restricted definition of the insured company to provide cover only for the company named as insured on the insurance policy and any subsidiary companies where the parent owns a certain percentage ownership interest. Therefore, affiliated companies may not be covered.
- Voluntary transfers: This occurs where the insured is tricked into voluntarily transferring money to a third party. This is also known as social engineering fraud.
- Malicious acts by an employee: Malicious fraudulent acts may be excluded under a cyber policy.
- Payment card industry – merchant services agreement charges: Such agreement involves third parties processing personal information. Unless specifically agreed between the insurer and the insured, coverage may not be provided if the entity performing the service is not the insured entity that sustained the damage or loss.
- Betterment: This involves the upgrading or enhancement of a company’s computer system following a cyber attack.
Our specialised team at Ingram Micro can help you address three focus areas (People, Processes and Technology) to help protect your organisation against threats which may not be covered by Cyber Insurance. You can visit our website to understand more about the services we offer or you can fill out the below form and a member of the team will be in touch.